From 3e87b2daa0b400d87ffa636652ee7a4c3db09c3c Mon Sep 17 00:00:00 2001 From: "selina.mail" Date: Sun, 18 Feb 2024 13:40:54 +0100 Subject: [PATCH] preflight cors header --- components/server/NetworkSpecifications.vue | 1 - server/api/updateConfigItem.ts | 4 +++- server/middleware/cors.ts | 20 ++++++++++---------- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/components/server/NetworkSpecifications.vue b/components/server/NetworkSpecifications.vue index 7d0998c..dbe004e 100644 --- a/components/server/NetworkSpecifications.vue +++ b/components/server/NetworkSpecifications.vue @@ -109,7 +109,6 @@ const validateIPv6address = (ipaddress) => { //update data const updateConfigItem = async () => { if (validateIPv4address(inputIPv4.value)) { - console.log("not ere") item.value.IPv4 = inputIPv4.value; try { await Axios.put( diff --git a/server/api/updateConfigItem.ts b/server/api/updateConfigItem.ts index 7bf7d6b..2f9b49f 100644 --- a/server/api/updateConfigItem.ts +++ b/server/api/updateConfigItem.ts @@ -6,10 +6,12 @@ export default defineEventHandler(async (event) => { const headers: Record[1]> = { 'Access-Control-Allow-Origin': 'https://tueitapp.tueit.de', 'Access-Control-Allow-Headers': 'authorization, content-type', - 'Access-Control-Allow-Methods': 'GET,HEAD,PUT,PATCH,POST,DELETE', + 'Access-Control-Allow-Methods': 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS', }; setResponseHeaders(event, headers) + console.log(event) + if (!(errorMsg === '')) { throw createError({ statusCode: 400, diff --git a/server/middleware/cors.ts b/server/middleware/cors.ts index c0c8a86..740e9fc 100644 --- a/server/middleware/cors.ts +++ b/server/middleware/cors.ts @@ -1,14 +1,14 @@ export default defineEventHandler((event) => { event.headers.append('Access-Control-Allow-Origin', 'https://tueitapp.tueit.de'); event.headers.append('Access-Control-Allow-Headers', 'content-type'); - event.headers.append('Access-Control-Allow-Methods', 'GET,HEAD,PUT,PATCH,POST,DELETE'); - event.headers.append('Access-Control-Allow-Credentials', 'true'); - event.headers.append('Access-Control-Options', 'true'); - event.headers.append('Access-Control-Expose-Headers', 'Content-Length,Content-Range'); - event.headers.append('Access-Control-Max-Age', '600'); - event.headers.append('crossOriginResourcePolicy', 'same-origin'); - event.headers.append('crossOriginOpenerPolicy', 'same-origin'); - event.headers.append('crossOriginEmbedderPolicy', 'require-corp'); - event.headers.append('contentSecurityPolicy', "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"); - event.headers.append('X-XSS-Protection', '1'); + event.headers.append('Access-Control-Allow-Methods', 'OPTIONS,GET,HEAD,PUT,PATCH,POST,DELETE'); + // event.headers.append('Access-Control-Allow-Credentials', 'true'); + // event.headers.append('Access-Control-Options', 'true'); + // event.headers.append('Access-Control-Expose-Headers', 'Content-Length,Content-Range'); + // event.headers.append('Access-Control-Max-Age', '600'); + // event.headers.append('crossOriginResourcePolicy', 'same-origin'); + // event.headers.append('crossOriginOpenerPolicy', 'same-origin'); + // event.headers.append('crossOriginEmbedderPolicy', 'require-corp'); + // event.headers.append('contentSecurityPolicy', "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"); + // event.headers.append('X-XSS-Protection', '1'); })