From 36678e52352f966af7f1400ccb3bc73e8a5b6813 Mon Sep 17 00:00:00 2001
From: lifegpc <root@lifegpc.com>
Date: Sun, 11 Aug 2024 20:53:14 +0800
Subject: [PATCH] /file /thumbnail allow x-token

---
 routes/file/_middleware.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/routes/file/_middleware.ts b/routes/file/_middleware.ts
index 1c6bdab..c638a3a 100644
--- a/routes/file/_middleware.ts
+++ b/routes/file/_middleware.ts
@@ -13,7 +13,10 @@ export async function handler(req: Request, ctx: FreshContext) {
             const c = m.cfg.cors_credentials_hosts.includes(origin);
             headers.set("Access-Control-Allow-Origin", origin);
             if (allow) headers.set("Access-Control-Allow-Methods", allow);
-            headers.set("Access-Control-Allow-Headers", "Content-Type, Range");
+            headers.set(
+                "Access-Control-Allow-Headers",
+                "Content-Type, Range, X-TOKEN",
+            );
             if (c) headers.set("Access-Control-Allow-Credentials", "true");
             headers.set("Access-Control-Allow-Private-Network", "true");
         }