# Injected by web-app-bluesky (same pattern as web-app-yourls)
# Exposes a same-origin /config to avoid CORS when the social-app fetches config.
location = /config {
    proxy_pass {{ BLUESKY_CONFIG_UPSTREAM_URL }};
    
    {# Just extract hostname #}
    set $up_host "{{ BLUESKY_CONFIG_UPSTREAM_URL | regex_replace('^https?://', '') | regex_replace('/.*$', '') }}";
    proxy_set_header Host $up_host;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_ssl_server_name on;

    {# Access Control Allow Configurations #}
    proxy_hide_header Access-Control-Allow-Origin;
    {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %}
}

location = /ipcc {
    proxy_pass https://bsky.app/ipcc;
    set $up_host "bsky.app";
    proxy_set_header Host $up_host;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_ssl_server_name on;

    {# Access Control Allow Configurations #}
    proxy_hide_header Access-Control-Allow-Origin;
    {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %}
}