
Commit a083850

committed
fix: return proper response on CORS error
1 parent a52a717 commit a083850


2 files changed

+11
-7
lines changed


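--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -3,7 +3,6 @@ import fastify, { type FastifyInstance } from "fastify";
 import * as fs from "node:fs";
 import path from "node:path";
 import { URL } from "node:url";
-import { getConfig } from "../utils/cache/getConfig";
 import { clearCacheCron } from "../utils/cron/clearCacheCron";
 import { env } from "../utils/env";
 import { logger } from "../utils/logger";
@@ -72,13 +71,11 @@ export const initServer = async () => {
 ...(env.ENABLE_HTTPS ? httpsObject : {}),
 }).withTypeProvider<TypeBoxTypeProvider>();
 
-const config = await getConfig();
-
 // Configure middleware
 withErrorHandler(server);
 withRequestLogs(server);
 withSecurityHeaders(server);
-withCors(server, config);
+withCors(server);
 withRateLimit(server);
 withEnforceEngineMode(server);
 withServerUsageReporting(server);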

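--- a/src/server/middleware/cors.ts
+++ b/src/server/middleware/cors.ts
@@ -1,5 +1,5 @@
 import type { FastifyInstance } from "fastify";
-import type { ParsedConfig } from "../../schema/config";
+import { getConfig } from "../../utils/cache/getConfig";
 import { ADMIN_QUEUES_BASEPATH } from "./adminRoutes";
 
 const STANDARD_METHODS = "GET,POST,DELETE,PUT,PATCH,HEAD,PUT,PATCH,POST,DELETE";
@@ -9,7 +9,7 @@ const DEFAULT_ALLOWED_HEADERS = [
 "ngrok-skip-browser-warning",
 ];
 
-export function withCors(server: FastifyInstance, config: ParsedConfig) {
+export function withCors(server: FastifyInstance) {
 server.addHook("onRequest", async (request, reply) => {
 const origin = request.headers.origin;
 
@@ -29,13 +29,20 @@ export function withCors(server: FastifyInstance, config: ParsedConfig) {
 return;
 }
 
+const config = await getConfig();
 const allowedOrigins = config.accessControlAllowOrigin
 .split(",")
 .map(sanitizeOrigin);
 
 // Always set `Vary: Origin` to prevent caching issues even on invalid origins.
 reply.header("Vary", "Origin");
 
+console.log("[DEBUG] allowedOrigins:", allowedOrigins);
+console.log(
+"[DEBUG] isAllowedOrigin(origin, allowedOrigins):",
+isAllowedOrigin(origin, allowedOrigins),
+);
+
 if (isAllowedOrigin(origin, allowedOrigins)) {
 // Set CORS headers if valid origin.
 reply.header("Access-Control-Allow-Origin", origin);
@@ -56,7 +63,7 @@ export function withCors(server: FastifyInstance, config: ParsedConfig) {
 return;
 }
 } else {
-reply.code(403).send({ error: "Invalid origin" });
+// reply.code(403).send({ error: "Invalid origin" });
 return;
 }
 });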
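Review bot: The `else` branch at the end of the `onRequest` hook now only returns, because the 403 reply is commented out, so a request whose origin fails `isAllowedOrigin` carries on to the route handler with no CORS headers instead of being rejected. A browser will still keep the response from the calling page, but the request itself is processed, so the allow-list no longer works as a server-side check unless something outside these hunks enforces it. If that is the intent, delete the dead line and document it with `// Disallowed origin: send no CORS headers; the browser blocks the response.`, otherwise restore `reply.code(403).send({ error: "Invalid origin" });`. The added `[DEBUG]` `console.log` calls run on every request that reaches them, bypass the `logger` the server already imports, write the configured origin allow-list to stdout, and evaluate `isAllowedOrigin` a second time, so they should be removed before this ships. The hook body begins and ends outside the visible hunks, so the early-return paths above the new `getConfig()` call were not reviewed.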
