diff --git a/routes/api/_middleware.ts b/routes/api/_middleware.ts
index 6bd7459..23d0847 100644
--- a/routes/api/_middleware.ts
+++ b/routes/api/_middleware.ts
@@ -47,7 +47,7 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) {
 if (allow) headers.set("Allow", allow);
 const origin = req.headers.get("origin");
 if (origin) {
- headers.set("Access-Control-Allow-Origin", "*");
+ headers.set("Access-Control-Allow-Origin", origin);
 if (allow) headers.set("Access-Control-Allow-Methods", allow);
 headers.set("Access-Control-Allow-Headers", "Content-Type, Range");
 headers.set("Access-Control-Allow-Credentials", "true");
@@ -58,7 +58,7 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) {
 const headers = new Headers(res.headers);
 const origin = req.headers.get("origin");
 if (origin) {
- headers.set("Access-Control-Allow-Origin", "*");
+ headers.set("Access-Control-Allow-Origin", origin);
 }
 if (ctx.state.is_from_cookie && ctx.state.token) {
 const m = get_task_manager();
diff --git a/routes/file/_middleware.ts b/routes/file/_middleware.ts
index e9d6126..a40741a 100644
--- a/routes/file/_middleware.ts
+++ b/routes/file/_middleware.ts
@@ -8,7 +8,7 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) {
 if (allow) headers.set("Allow", allow);
 const origin = req.headers.get("origin");
 if (origin) {
- headers.set("Access-Control-Allow-Origin", "*");
+ headers.set("Access-Control-Allow-Origin", origin);
 if (allow) headers.set("Access-Control-Allow-Methods", allow);
 headers.set("Access-Control-Allow-Headers", "Content-Type, Range");
 headers.set("Access-Control-Allow-Credentials", "true");
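Review bot: The request's `Origin` is echoed into `Access-Control-Allow-Origin` unchecked in the same branch that sets `Access-Control-Allow-Credentials: true` (first hunk of routes/api/_middleware.ts), so every website becomes a permitted credentialed origin; with the previous `*`, browsers refused to expose credentialed responses at all. Gate the branch on a configured allowlist, e.g. `if (origin && ALLOWED_ORIGINS.has(origin)) {` where `ALLOWED_ORIGINS` is a placeholder name for a set of trusted origins, and send no CORS headers when the origin is not in it. The same reflection appears in the second hunk of this file, where `ctx.state.is_from_cookie` suggests cookie-based authentication is in use, and in both hunks of routes/file/_middleware.ts. The handler bodies start and end outside these hunks, so an earlier origin check may exist that is not visible here.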
@@ -19,7 +19,7 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) {
 const headers = new Headers(res.headers);
 const origin = req.headers.get("origin");
 if (origin) {
- headers.set("Access-Control-Allow-Origin", "*");
+ headers.set("Access-Control-Allow-Origin", origin);
 }
 return new Response(res.body, {
 status: res.status,
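Review bot: No `Vary: Origin` is set next to `headers.set("Access-Control-Allow-Origin", origin);` in this hunk, although the header value now differs per requesting origin; a shared or browser cache could replay a response carrying one origin's value to a request from another. Add `headers.append("Vary", "Origin");` inside the `if (origin)` block, here and at the other three places this commit touches. The rest of the handler lies outside the hunk, so confirm the header is not already added elsewhere before the `Response` is built.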