mirror of
https://github.com/lifegpc/eh-downloader.git
synced 2026-07-08 01:31:00 +08:00
Do not omit Access-Control-Allow-Credentials
This commit is contained in:
@@ -58,7 +58,7 @@ export async function handler(req: Request, ctx: FreshContext) {
|
||||
if (origin) {
|
||||
const c = m.cfg.cors_credentials_hosts.includes(origin);
|
||||
headers["Access-Control-Allow-Origin"] = origin;
|
||||
if (c) headers["Access-Control-Allow-Credentials"] = "true";
|
||||
headers["Access-Control-Allow-Credentials"] = c ? "true" : "false";
|
||||
}
|
||||
return return_error(401, "Unauthorized", 401, headers);
|
||||
}
|
||||
@@ -72,8 +72,14 @@ export async function handler(req: Request, ctx: FreshContext) {
|
||||
const c = m.cfg.cors_credentials_hosts.includes(origin);
|
||||
headers.set("Access-Control-Allow-Origin", origin);
|
||||
if (allow) headers.set("Access-Control-Allow-Methods", allow);
|
||||
headers.set("Access-Control-Allow-Headers", "Content-Type, Range, X-TOKEN");
|
||||
if (c) headers.set("Access-Control-Allow-Credentials", "true");
|
||||
headers.set(
|
||||
"Access-Control-Allow-Headers",
|
||||
"Content-Type, Range, X-TOKEN",
|
||||
);
|
||||
headers.set(
|
||||
"Access-Control-Allow-Credentials",
|
||||
c ? "true" : "false",
|
||||
);
|
||||
headers.set("Access-Control-Allow-Private-Network", "true");
|
||||
}
|
||||
return new Response(null, { status: 204, headers });
|
||||
@@ -84,7 +90,10 @@ export async function handler(req: Request, ctx: FreshContext) {
|
||||
if (origin) {
|
||||
const c = m.cfg.cors_credentials_hosts.includes(origin);
|
||||
headers.set("Access-Control-Allow-Origin", origin);
|
||||
if (c) headers.set("Access-Control-Allow-Credentials", "true");
|
||||
headers.set(
|
||||
"Access-Control-Allow-Credentials",
|
||||
c ? "true" : "false",
|
||||
);
|
||||
}
|
||||
if (ctx.state.is_from_cookie && ctx.state.token) {
|
||||
const m = get_task_manager();
|
||||
|
||||
@@ -10,11 +10,9 @@ export async function handler(req: Request, ctx: FreshContext) {
|
||||
if (allow) headers.set("Allow", allow);
|
||||
const origin = req.headers.get("origin");
|
||||
if (origin) {
|
||||
const c = m.cfg.cors_credentials_hosts.includes(origin);
|
||||
headers.set("Access-Control-Allow-Origin", origin);
|
||||
if (allow) headers.set("Access-Control-Allow-Methods", allow);
|
||||
headers.set("Access-Control-Allow-Headers", "Content-Type, Range");
|
||||
if (c) headers.set("Access-Control-Allow-Credentials", "true");
|
||||
headers.set("Access-Control-Allow-Private-Network", "true");
|
||||
}
|
||||
return new Response(null, { status: 204, headers });
|
||||
@@ -23,9 +21,7 @@ export async function handler(req: Request, ctx: FreshContext) {
|
||||
const headers = new Headers(res.headers);
|
||||
const origin = req.headers.get("origin");
|
||||
if (origin) {
|
||||
const c = m.cfg.cors_credentials_hosts.includes(origin);
|
||||
headers.set("Access-Control-Allow-Origin", origin);
|
||||
if (c) headers.set("Access-Control-Allow-Credentials", "true");
|
||||
}
|
||||
return new Response(res.body, {
|
||||
status: res.status,
|
||||
|
||||
Reference in New Issue
Block a user