From b496b0a58bd48b6655789e29d60253fcafd0b2f2 Mon Sep 17 00:00:00 2001
From: zzlgreat <zzlgreat@gmail.com>
Date: Tue, 16 Dec 2025 08:32:33 +0800
Subject: [PATCH] update watchlist

---
 nginx-110.42.32.207.conf | 36 +++++++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/nginx-110.42.32.207.conf b/nginx-110.42.32.207.conf
index abf898b9..c651c8aa 100644
--- a/nginx-110.42.32.207.conf
+++ b/nginx-110.42.32.207.conf
@@ -172,6 +172,24 @@ server {
     # MCP 服务（本地）
     # ============================================
     location /mcp/ {
+        # 处理 OPTIONS 预检请求
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' $cors_origin always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
+            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, Cookie' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Max-Age' 86400;
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+
+        # 隐藏后端返回的 CORS 头（避免重复）
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
+
         proxy_pass http://127.0.0.1:8900/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
@@ -180,24 +198,20 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Connection '';
 
+        # 统一添加 CORS 头
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+
+        # SSE 流式响应配置
         proxy_buffering off;
         proxy_cache off;
         chunked_transfer_encoding on;
+        gzip off;
+        add_header X-Accel-Buffering no;
 
         proxy_connect_timeout 75s;
         proxy_send_timeout 300s;
         proxy_read_timeout 300s;
-
-        gzip off;
-        add_header X-Accel-Buffering no;
-        add_header 'Access-Control-Allow-Origin' $cors_origin always;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
-        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
-        add_header 'Access-Control-Allow-Credentials' 'true' always;
-
-        if ($request_method = 'OPTIONS') {
-            return 204;
-        }
     }
 
     # ============================================