fix: formatting and explanatory comments

.github/workflows/cypress-e2e.yml

@@ -47,7 +47,9 @@ jobs:
         uses: cypress-io/github-action@v6
         env:
           CYPRESS_IDAPI_CLIENT_ACCESS_TOKEN: ${{ secrets.IDAPI_CLIENT_ACCESS_TOKEN }}
-          # Required for the Cypress tests to run as we're unable to verify the created certs
+          # This env variable prevents Node from rejecting self-signed TLS certificates. It's
+          # required for the Cypress tests to run as we're unable to verify the created certs.
+          # See: https://nodejs.org/api/cli.html#node_tls_reject_unauthorizedvalue
           NODE_TLS_REJECT_UNAUTHORIZED: 0
         with:
           start: yarn cypress:e2e:server

cypress/cypress-nginx.conf

@@ -3,67 +3,69 @@
 # with a ssl cert set on the domain
 
 #user  nobody;
-worker_processes  1;
+worker_processes 			1;
 
 events {
-    worker_connections  1024;
+    worker_connections  	1024;
 }
 
 http {
-    include       mime.types;
-    default_type  application/octet-stream;
+    include       			mime.types;
+    default_type  			application/octet-stream;
 
-    sendfile        on;
+    sendfile        		on;
 
-    keepalive_timeout  65;
+    # Set to 5 seconds longer than 60 seconds (pretty sure this is a magic numnber).
+	# This should help prevent timeouts in Cypress requests inside Github Actions.
+    keepalive_timeout  		65;
 
     # fixes issues for large response headers
-    proxy_buffer_size   128k;
-    proxy_buffers   4 256k;
-    proxy_busy_buffers_size   256k;
+	proxy_buffer_size		128k;
+    proxy_buffers  			4 256k;
+    proxy_busy_buffers_size 256k;
 
 
 	# manage.thegulocal.com
 	# ======================
 	server {
-		listen 443 ssl;
-		server_name manage.thegulocal.com;
-		proxy_http_version 1.1; # this is essential for chunked responses to work
+		listen 						443 ssl;
+		server_name 				manage.thegulocal.com;
+		proxy_http_version 			1.1; # this is essential for chunked responses to work
 
-		ssl_certificate manage.thegulocal.com.crt;
-		ssl_certificate_key manage.thegulocal.com.key;
-		ssl_session_timeout 5m;
-		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-		ssl_ciphers HIGH:!aNULL:!MD5;
-		ssl_prefer_server_ciphers on;
+		ssl_certificate				manage.thegulocal.com.crt;
+		ssl_certificate_key 		manage.thegulocal.com.key;
+		ssl_session_timeout 		5m;
+		ssl_protocols 				TLSv1 TLSv1.1 TLSv1.2;
+		ssl_ciphers 				HIGH:!aNULL:!MD5;
+		ssl_prefer_server_ciphers 	on;
 
 		location / {
-			proxy_pass http://localhost:9234/;
-			proxy_set_header Host $http_host;
-			proxy_http_version 1.1;
-			proxy_set_header Upgrade $http_upgrade;
-			proxy_set_header Connection "Upgrade";
+			proxy_pass 				http://localhost:9234/;
+			proxy_set_header 		Host $http_host;
+			proxy_http_version		1.1;
+			proxy_set_header 		Upgrade $http_upgrade;
+			proxy_set_header 		Connection "Upgrade";
 		}
 	}
 
 	# members-data-api.thegulocal.com
 	# ======================
 	server {
-		listen 443 ssl;
-		server_name members-data-api.thegulocal.com;
-		proxy_http_version 1.1; # this is essential for chunked responses to work
+		listen 						443 ssl;
+		server_name 				members-data-api.thegulocal.com;
+		proxy_http_version 			1.1; # this is essential for chunked responses to work
 
-		ssl_certificate members-data-api.thegulocal.com.crt;
-		ssl_certificate_key members-data-api.thegulocal.com.key;
-		ssl_session_timeout 5m;
-		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-		ssl_ciphers HIGH:!aNULL:!MD5;
-		ssl_prefer_server_ciphers on;
+		ssl_certificate 			members-data-api.thegulocal.com.crt;
+		ssl_certificate_key 		members-data-api.thegulocal.com.key;
+		ssl_session_timeout 		5m;
+		ssl_protocols 				TLSv1.2 TLSv1.3;
+		ssl_ciphers 				HIGH:!aNULL:!MD5;
+		ssl_prefer_server_ciphers 	on;
 
 		location / {
-			proxy_pass https://members-data-api.code.dev-theguardian.com;
-			proxy_next_upstream error timeout http_404 non_idempotent;
-			proxy_set_header "X-Forwarded-Proto" "https";
+			proxy_pass 				https://members-data-api.code.dev-theguardian.com;
+			proxy_next_upstream 	error timeout http_404 non_idempotent;
+			proxy_set_header 		"X-Forwarded-Proto" "https";
 			proxy_set_header 		Host members-data-api.code.dev-theguardian.com;
 			proxy_set_header        Accept-Encoding "";
 			proxy_hide_header 		Content-Security-Policy;
@@ -81,50 +83,51 @@ http {
     # profile.thegulocal.com
 	# ======================
     server {
-      listen 443 ssl;
-      server_name profile.thegulocal.com;
-      proxy_http_version 1.1; # this is essential for chunked responses to work
+      listen 						443 ssl;
+      server_name 					profile.thegulocal.com;
+      proxy_http_version			1.1; # this is essential for chunked responses to work
 
-      ssl_certificate profile.thegulocal.com.crt;
-      ssl_certificate_key profile.thegulocal.com.key;
-      ssl_session_timeout 5m;
-      ssl_protocols TLSv1.2 TLSv1.3;
-      ssl_ciphers HIGH:!aNULL:!MD5;
-      ssl_prefer_server_ciphers on;
+      ssl_certificate 				profile.thegulocal.com.crt;
+      ssl_certificate_key 			profile.thegulocal.com.key;
+      ssl_session_timeout 			5m;
+      ssl_protocols 				TLSv1.2 TLSv1.3;
+      ssl_ciphers 					HIGH:!aNULL:!MD5;
+      ssl_prefer_server_ciphers 	on;
 
       # dummy location header for the API
-      proxy_set_header X-GU-ID-Geolocation ip:$remote_addr,country:GB,city:Leeds;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header 				X-GU-ID-Geolocation ip:$remote_addr,country:GB,city:Leeds;
+      proxy_set_header 				X-Forwarded-For $proxy_add_x_forwarded_for;
 
       location / {
-        proxy_pass https://profile.code.dev-theguardian.com;
-        proxy_next_upstream error timeout http_404 non_idempotent;
-        proxy_set_header "X-Forwarded-Proto" "https";
-        proxy_set_header "X-GU-Okta-Env" "profile.code.dev-theguardian.com";
-        proxy_set_header 		Host profile.code.dev-theguardian.com;
-        proxy_set_header        Accept-Encoding "";
-        proxy_hide_header 		Content-Security-Policy;
+        proxy_pass 					https://profile.code.dev-theguardian.com;
+        proxy_next_upstream error 	timeout http_404 non_idempotent;
+        proxy_set_header			"X-Forwarded-Proto" "https";
+        proxy_set_header 			"X-GU-Okta-Env" "profile.code.dev-theguardian.com";
+        proxy_set_header 			Host profile.code.dev-theguardian.com;
+        proxy_set_header        	Accept-Encoding "";
+        proxy_hide_header 			Content-Security-Policy;
 
-        proxy_cookie_domain 	profile.code.dev-theguardian.com profile.thegulocal.com;
-        proxy_cookie_domain 	.code.dev-theguardian.com .thegulocal.com;
+        proxy_cookie_domain 		profile.code.dev-theguardian.com profile.thegulocal.com;
+        proxy_cookie_domain 		.code.dev-theguardian.com .thegulocal.com;
 
-        sub_filter_types        application/json;
-        sub_filter_once         off;
-        sub_filter              'profile.code.dev-theguardian.com'  'profile.thegulocal.com';
+        sub_filter_types        	application/json;
+        sub_filter_once         	off;
+        sub_filter              	'profile.code.dev-theguardian.com'  'profile.thegulocal.com';
 
         ######
         # remove `sid` cookie in requests to Gateway
         # save original "Cookie" header value
-        set $altered_cookie $http_cookie;
+        set 						$altered_cookie $http_cookie;
         # check if the "sid" cookie is present
+		# From: https://stackoverflow.com/a/67627604
         if ($http_cookie ~ '(.*)(^|;\s)sid=("[^"]*"|[^\s]*[^;]?)(\2|$|;$)(?:;\s)?(.*)') {
           # cut "sid" cookie from the string
-          set $altered_cookie $1$4$5;
+          set						$altered_cookie $1$4$5;
         }
         # hide original "Cookie" header
-        proxy_hide_header Cookie;
+        proxy_hide_header 			Cookie;
         # set "Cookie" header to the new value
-        proxy_set_header  Cookie $altered_cookie;
+        proxy_set_header  			Cookie $altered_cookie;
         ######
       }
     }