From 68182ae959fc6fc268f98c30afc5704479a8076f Mon Sep 17 00:00:00 2001 From: lifegpc Date: Mon, 3 Jun 2024 09:20:46 +0800 Subject: [PATCH] Add Access-Control-Allow-Private-Network --- routes/api/_middleware.ts | 3 ++- routes/file/_middleware.ts | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/routes/api/_middleware.ts b/routes/api/_middleware.ts index 690f3bf..56ece86 100644 --- a/routes/api/_middleware.ts +++ b/routes/api/_middleware.ts @@ -72,8 +72,9 @@ export async function handler(req: Request, ctx: FreshContext) { const c = m.cfg.cors_credentials_hosts.includes(origin); headers.set("Access-Control-Allow-Origin", c ? origin : "*"); if (allow) headers.set("Access-Control-Allow-Methods", allow); - headers.set("Access-Control-Allow-Headers", "Content-Type, Range"); + headers.set("Access-Control-Allow-Headers", "Content-Type, Range, X-TOKEN"); if (c) headers.set("Access-Control-Allow-Credentials", "true"); + headers.set("Access-Control-Allow-Private-Network", "true"); } return new Response(null, { status: 204, headers }); } else { diff --git a/routes/file/_middleware.ts b/routes/file/_middleware.ts index f2d4726..728ff26 100644 --- a/routes/file/_middleware.ts +++ b/routes/file/_middleware.ts @@ -15,6 +15,7 @@ export async function handler(req: Request, ctx: FreshContext) { if (allow) headers.set("Access-Control-Allow-Methods", allow); headers.set("Access-Control-Allow-Headers", "Content-Type, Range"); if (c) headers.set("Access-Control-Allow-Credentials", "true"); + headers.set("Access-Control-Allow-Private-Network", "true"); } return new Response(null, { status: 204, headers }); } else {