ico
/
pingql
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: explicit OPTIONS handler for CORS preflight

This commit is contained in:
M1 2026-03-18 09:41:25 +04:00
parent 7a9417297f
commit fa8ff8b361
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
apps/api/src/index.ts
View File

@ -8,14 +8,31 @@ import { migrate } from "./db";
await migrate(); await migrate();
const CORS_ORIGIN = process.env.CORS_ORIGINS?.split(",") ?? ["https://pingql.com"];
const CORS_HEADERS = {
"access-control-allow-credentials": "true",
"access-control-allow-methods": "GET, POST, PUT, PATCH, DELETE, OPTIONS",
"access-control-allow-headers": "Content-Type, Authorization",
};
const app = new Elysia() const app = new Elysia()
.use(cors({ .use(cors({
origin: process.env.CORS_ORIGINS?.split(",") ?? ["https://pingql.com"], origin: CORS_ORIGIN,
credentials: true, credentials: true,
allowedHeaders: ["Content-Type", "Authorization"], allowedHeaders: ["Content-Type", "Authorization"],
methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"], methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
preflight: true, preflight: true,
})) }))
// Explicit OPTIONS handler for cross-origin preflight
.options("/*", ({ request }) => {
const origin = request.headers.get("origin") ?? "";
const allowed = CORS_ORIGIN.includes(origin) ? origin : CORS_ORIGIN[0];
return new Response(null, {
status: 204,
headers: { ...CORS_HEADERS, "access-control-allow-origin": allowed },
});
})
.get("/", () => ({ .get("/", () => ({
name: "PingQL API", name: "PingQL API",
version: "1", version: "1",