adm_tueit/TueIT_App
2
0
Fork 0
Code Issues 3 Pull Requests 3 Packages Projects Releases Wiki Activity

preflight cors header

Browse Source
This commit is contained in:
selina.mail
2024-02-18 13:40:54 +01:00
parent 2e1d3f7026
commit 3e87b2daa0
3 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/api/updateConfigItem.ts
View File

@ -6,10 +6,12 @@ export default defineEventHandler(async (event) => {
const headers: Record<string, Parameters<OutgoingMessage['setHeader']>[1]> = {
'Access-Control-Allow-Origin': 'https://tueitapp.tueit.de',
'Access-Control-Allow-Headers': 'authorization, content-type',
'Access-Control-Allow-Methods': 'GET,HEAD,PUT,PATCH,POST,DELETE',
'Access-Control-Allow-Methods': 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
};
setResponseHeaders(event, headers)
console.log(event)
if (!(errorMsg === '')) {
throw createError({
statusCode: 400,

20
server/middleware/cors.ts
View File

@ -1,14 +1,14 @@
export default defineEventHandler((event) => {
event.headers.append('Access-Control-Allow-Origin', 'https://tueitapp.tueit.de');
event.headers.append('Access-Control-Allow-Headers', 'content-type');
event.headers.append('Access-Control-Allow-Methods', 'GET,HEAD,PUT,PATCH,POST,DELETE');
event.headers.append('Access-Control-Allow-Credentials', 'true');
event.headers.append('Access-Control-Options', 'true');
event.headers.append('Access-Control-Expose-Headers', 'Content-Length,Content-Range');
event.headers.append('Access-Control-Max-Age', '600');
event.headers.append('crossOriginResourcePolicy', 'same-origin');
event.headers.append('crossOriginOpenerPolicy', 'same-origin');
event.headers.append('crossOriginEmbedderPolicy', 'require-corp');
event.headers.append('contentSecurityPolicy', "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests");
event.headers.append('X-XSS-Protection', '1');
event.headers.append('Access-Control-Allow-Methods', 'OPTIONS,GET,HEAD,PUT,PATCH,POST,DELETE');
// event.headers.append('Access-Control-Allow-Credentials', 'true');
// event.headers.append('Access-Control-Options', 'true');
// event.headers.append('Access-Control-Expose-Headers', 'Content-Length,Content-Range');
// event.headers.append('Access-Control-Max-Age', '600');
// event.headers.append('crossOriginResourcePolicy', 'same-origin');
// event.headers.append('crossOriginOpenerPolicy', 'same-origin');
// event.headers.append('crossOriginEmbedderPolicy', 'require-corp');
// event.headers.append('contentSecurityPolicy', "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests");
// event.headers.append('X-XSS-Protection', '1');
})