mirror/koodo-reader
1
0
Fork 0
mirror of https://github.com/koodo-reader/koodo-reader.git synced 2026-06-12 01:44:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: update CORS handling to allow all origins when no ALLOWED_ORIGINS are configured

Browse Source
This commit is contained in:
troyeguo
2026-05-11 19:24:39 +08:00
parent 47d1794b88
commit a7fede2aba
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
httpServer.js
View File

@@ -58,8 +58,8 @@ if (!process.env.SERVER_USERNAME) {
if (ALLOWED_ORIGINS.length === 0) {
console.warn(
"Warning: No ALLOWED_ORIGINS configured. Cross-origin requests will be denied. " +
"Set ALLOWED_ORIGINS to a comma-separated list of trusted origins if needed."
"Warning: No ALLOWED_ORIGINS configured. All cross-origin requests will be allowed. " +
"Set ALLOWED_ORIGINS to a comma-separated list of trusted origins to restrict access."
);
}
@@ -86,7 +86,10 @@ function applyCorsHeaders(req, res) {
res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
if (origin && ALLOWED_ORIGINS.includes(origin)) {
if (
origin &&
(ALLOWED_ORIGINS.length === 0 || ALLOWED_ORIGINS.includes(origin))
) {
res.setHeader("Access-Control-Allow-Origin", origin);
res.setHeader("Access-Control-Allow-Credentials", "true");
return true;