diff --git a/routes/api/_middleware.ts b/routes/api/_middleware.ts index 690f3bf..56ece86 100644 --- a/routes/api/_middleware.ts +++ b/routes/api/_middleware.ts @@ -72,8 +72,9 @@ export async function handler(req: Request, ctx: FreshContext) { const c = m.cfg.cors_credentials_hosts.includes(origin); headers.set("Access-Control-Allow-Origin", c ? origin : "*"); if (allow) headers.set("Access-Control-Allow-Methods", allow); - headers.set("Access-Control-Allow-Headers", "Content-Type, Range"); + headers.set("Access-Control-Allow-Headers", "Content-Type, Range, X-TOKEN"); if (c) headers.set("Access-Control-Allow-Credentials", "true"); + headers.set("Access-Control-Allow-Private-Network", "true"); } return new Response(null, { status: 204, headers }); } else { diff --git a/routes/file/_middleware.ts b/routes/file/_middleware.ts index f2d4726..728ff26 100644 --- a/routes/file/_middleware.ts +++ b/routes/file/_middleware.ts @@ -15,6 +15,7 @@ export async function handler(req: Request, ctx: FreshContext) { if (allow) headers.set("Access-Control-Allow-Methods", allow); headers.set("Access-Control-Allow-Headers", "Content-Type, Range"); if (c) headers.set("Access-Control-Allow-Credentials", "true"); + headers.set("Access-Control-Allow-Private-Network", "true"); } return new Response(null, { status: 204, headers }); } else {