From 7d3cb01cdaec199fe35d925123222f54d8cc9015 Mon Sep 17 00:00:00 2001
From: lifegpc <g1710431395@gmail.com>
Date: Wed, 30 Aug 2023 14:54:23 +0800
Subject: [PATCH] Fix CORS impl

---
 routes/api/_middleware.ts  | 4 ++--
 routes/file/_middleware.ts | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/routes/api/_middleware.ts b/routes/api/_middleware.ts
index 6bd7459..23d0847 100644
--- a/routes/api/_middleware.ts
+++ b/routes/api/_middleware.ts
@@ -47,7 +47,7 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) {
         if (allow) headers.set("Allow", allow);
         const origin = req.headers.get("origin");
         if (origin) {
-            headers.set("Access-Control-Allow-Origin", "*");
+            headers.set("Access-Control-Allow-Origin", origin);
             if (allow) headers.set("Access-Control-Allow-Methods", allow);
             headers.set("Access-Control-Allow-Headers", "Content-Type, Range");
             headers.set("Access-Control-Allow-Credentials", "true");
@@ -58,7 +58,7 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) {
         const headers = new Headers(res.headers);
         const origin = req.headers.get("origin");
         if (origin) {
-            headers.set("Access-Control-Allow-Origin", "*");
+            headers.set("Access-Control-Allow-Origin", origin);
         }
         if (ctx.state.is_from_cookie && ctx.state.token) {
             const m = get_task_manager();
diff --git a/routes/file/_middleware.ts b/routes/file/_middleware.ts
index e9d6126..a40741a 100644
--- a/routes/file/_middleware.ts
+++ b/routes/file/_middleware.ts
@@ -8,7 +8,7 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) {
         if (allow) headers.set("Allow", allow);
         const origin = req.headers.get("origin");
         if (origin) {
-            headers.set("Access-Control-Allow-Origin", "*");
+            headers.set("Access-Control-Allow-Origin", origin);
             if (allow) headers.set("Access-Control-Allow-Methods", allow);
             headers.set("Access-Control-Allow-Headers", "Content-Type, Range");
             headers.set("Access-Control-Allow-Credentials", "true");
@@ -19,7 +19,7 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) {
         const headers = new Headers(res.headers);
         const origin = req.headers.get("origin");
         if (origin) {
-            headers.set("Access-Control-Allow-Origin", "*");
+            headers.set("Access-Control-Allow-Origin", origin);
         }
         return new Response(res.body, {
             status: res.status,