fix: invidious

2025-11-03 14:43:28 +01:00
parent 709a24366a
commit 04c08bf419
4 changed files with 189 additions and 41 deletions
--- a/hosts/fw/modules/web/piped.nix
+++ b/hosts/fw/modules/web/piped.nix
@@ -190,9 +190,9 @@ in
    '';
  };

-  # Piped Backend Podman container (using custom image with iOS compatibility fixes)
+  # Piped Backend Podman container (using official upstream image)
  virtualisation.oci-containers.containers.piped-backend = {
-    image = "git.cloonar.com/infrastructure/piped-backend:latest";
+    image = "1337kavin/piped:latest";
    ports = [ "127.0.0.1:${toString backendPort}:${toString backendPort}" ];
    volumes = [
      "/var/lib/piped/config/config.properties:/app/config.properties:ro"
@@ -270,6 +270,24 @@ in
      proxyPass = "http://127.0.0.1:${toString backendPort}/";
      proxyWebsockets = true;
      extraConfig = ''
+        # Hide CORS headers from backend to avoid duplicates
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
+        proxy_hide_header Access-Control-Allow-Credentials;
+
+        # CORS headers for iOS API requests
+        add_header Access-Control-Allow-Origin * always;
+        add_header Access-Control-Allow-Methods "GET, POST, HEAD, OPTIONS" always;
+        add_header Access-Control-Allow-Headers "Range, Content-Type, Authorization" always;
+        add_header Access-Control-Expose-Headers "Content-Length, Content-Range" always;
+
+        # Handle preflight requests
+        if ($request_method = OPTIONS) {
+          return 204;
+        }
+
        # Increase timeouts for long-running requests
        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
@@ -281,9 +299,23 @@ in
    locations."/proxy/" = {
      proxyPass = "http://127.0.0.1:${toString proxyPort}/";
      extraConfig = ''
-        # CORS headers for video streaming (restricted to own frontend)
-        # add_header Access-Control-Allow-Origin https://${domain} always;
-        # add_header Access-Control-Allow-Credentials "true" always;
+        # Hide CORS headers from proxy to avoid duplicates
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
+        proxy_hide_header Access-Control-Allow-Credentials;
+
+        # CORS headers for iOS HLS video streaming
+        add_header Access-Control-Allow-Origin * always;
+        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
+        add_header Access-Control-Allow-Headers "Range, Content-Type" always;
+        add_header Access-Control-Expose-Headers "Content-Length, Content-Range" always;
+
+        # Handle preflight requests
+        if ($request_method = OPTIONS) {
+          return 204;
+        }

        proxy_buffering on;