Do not omit Access-Control-Allow-Credentials

This commit is contained in:
2024-06-03 10:22:08 +08:00
parent 3ae88a9c48
commit 06a96fcb07
2 changed files with 13 additions and 8 deletions

View File

@@ -58,7 +58,7 @@ export async function handler(req: Request, ctx: FreshContext) {
if (origin) {
const c = m.cfg.cors_credentials_hosts.includes(origin);
headers["Access-Control-Allow-Origin"] = origin;
if (c) headers["Access-Control-Allow-Credentials"] = "true";
headers["Access-Control-Allow-Credentials"] = c ? "true" : "false";
}
return return_error(401, "Unauthorized", 401, headers);
}
@@ -72,8 +72,14 @@ export async function handler(req: Request, ctx: FreshContext) {
const c = m.cfg.cors_credentials_hosts.includes(origin);
headers.set("Access-Control-Allow-Origin", origin);
if (allow) headers.set("Access-Control-Allow-Methods", allow);
headers.set("Access-Control-Allow-Headers", "Content-Type, Range, X-TOKEN");
if (c) headers.set("Access-Control-Allow-Credentials", "true");
headers.set(
"Access-Control-Allow-Headers",
"Content-Type, Range, X-TOKEN",
);
headers.set(
"Access-Control-Allow-Credentials",
c ? "true" : "false",
);
headers.set("Access-Control-Allow-Private-Network", "true");
}
return new Response(null, { status: 204, headers });
@@ -84,7 +90,10 @@ export async function handler(req: Request, ctx: FreshContext) {
if (origin) {
const c = m.cfg.cors_credentials_hosts.includes(origin);
headers.set("Access-Control-Allow-Origin", origin);
if (c) headers.set("Access-Control-Allow-Credentials", "true");
headers.set(
"Access-Control-Allow-Credentials",
c ? "true" : "false",
);
}
if (ctx.state.is_from_cookie && ctx.state.token) {
const m = get_task_manager();

View File

@@ -10,11 +10,9 @@ export async function handler(req: Request, ctx: FreshContext) {
if (allow) headers.set("Allow", allow);
const origin = req.headers.get("origin");
if (origin) {
const c = m.cfg.cors_credentials_hosts.includes(origin);
headers.set("Access-Control-Allow-Origin", origin);
if (allow) headers.set("Access-Control-Allow-Methods", allow);
headers.set("Access-Control-Allow-Headers", "Content-Type, Range");
if (c) headers.set("Access-Control-Allow-Credentials", "true");
headers.set("Access-Control-Allow-Private-Network", "true");
}
return new Response(null, { status: 204, headers });
@@ -23,9 +21,7 @@ export async function handler(req: Request, ctx: FreshContext) {
const headers = new Headers(res.headers);
const origin = req.headers.get("origin");
if (origin) {
const c = m.cfg.cors_credentials_hosts.includes(origin);
headers.set("Access-Control-Allow-Origin", origin);
if (c) headers.set("Access-Control-Allow-Credentials", "true");
}
return new Response(res.body, {
status: res.status,