proxy requests for blocks to the API server

docs/example.nginx.conf

@@ -217,7 +217,7 @@ server {
     }
 
     # encrypted blobs are immutable and are thus cached for a year
-    location ^~ /blob/ {
+    location ~ ^/(blob|block)/.*$ {
         if ($request_method = 'OPTIONS') {
             add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
             add_header 'Access-Control-Allow-Credentials' true;
@@ -238,23 +238,6 @@ server {
         try_files $uri =404;
     }
 
-    # the "block-store" serves encrypted payloads containing users' drive keys
-    # these payloads are unlocked via login credentials. They are mutable
-    # and are thus never cached. They're small enough that it doesn't matter, in any case.
-    location ^~ /block/ {
-        add_header X-Content-Type-Options nosniff;
-        add_header Cache-Control max-age=0;
-        try_files $uri =404;
-    }
-
-    # This block provides an alternative means of loading content
-    # otherwise only served via websocket. This is solely for debugging purposes,
-    # and is thus not allowed by default.
-    #location ^~ /datastore/ {
-        #add_header Cache-Control max-age=0;
-        #try_files $uri =404;
-    #}
-
     # The nodejs server has some built-in forwarding rules to prevent
     # URLs like /pad from resulting in a 404. This simply adds a trailing slash
     # to a variety of applications.