adm_tueit/TueIT_App
2
0
Fork 0
Code Issues 3 Pull Requests 3 Packages Projects Releases Wiki Activity

preflight cors header

Browse Source
This commit is contained in:
selina.mail
2024-02-18 13:40:54 +01:00
parent 2e1d3f7026
commit 3e87b2daa0
3 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/server/NetworkSpecifications.vue
View File

@ -109,7 +109,6 @@ const validateIPv6address = (ipaddress) => {
//update data //update data
const updateConfigItem = async () => { const updateConfigItem = async () => {
if (validateIPv4address(inputIPv4.value)) { if (validateIPv4address(inputIPv4.value)) {
console.log("not ere")
item.value.IPv4 = inputIPv4.value; item.value.IPv4 = inputIPv4.value;
try { try {
await Axios.put( await Axios.put(

4
server/api/updateConfigItem.ts
View File

@ -6,10 +6,12 @@ export default defineEventHandler(async (event) => {
const headers: Record<string, Parameters<OutgoingMessage['setHeader']>[1]> = { const headers: Record<string, Parameters<OutgoingMessage['setHeader']>[1]> = {
'Access-Control-Allow-Origin': 'https://tueitapp.tueit.de', 'Access-Control-Allow-Origin': 'https://tueitapp.tueit.de',
'Access-Control-Allow-Headers': 'authorization, content-type', 'Access-Control-Allow-Headers': 'authorization, content-type',
'Access-Control-Allow-Methods': 'GET,HEAD,PUT,PATCH,POST,DELETE', 'Access-Control-Allow-Methods': 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
}; };
setResponseHeaders(event, headers) setResponseHeaders(event, headers)
console.log(event)
if (!(errorMsg === '')) { if (!(errorMsg === '')) {
throw createError({ throw createError({
statusCode: 400, statusCode: 400,

20
server/middleware/cors.ts
View File

@ -1,14 +1,14 @@
export default defineEventHandler((event) => { export default defineEventHandler((event) => {
event.headers.append('Access-Control-Allow-Origin', 'https://tueitapp.tueit.de'); event.headers.append('Access-Control-Allow-Origin', 'https://tueitapp.tueit.de');
event.headers.append('Access-Control-Allow-Headers', 'content-type'); event.headers.append('Access-Control-Allow-Headers', 'content-type');
event.headers.append('Access-Control-Allow-Methods', 'GET,HEAD,PUT,PATCH,POST,DELETE'); event.headers.append('Access-Control-Allow-Methods', 'OPTIONS,GET,HEAD,PUT,PATCH,POST,DELETE');
event.headers.append('Access-Control-Allow-Credentials', 'true'); // event.headers.append('Access-Control-Allow-Credentials', 'true');
event.headers.append('Access-Control-Options', 'true'); // event.headers.append('Access-Control-Options', 'true');
event.headers.append('Access-Control-Expose-Headers', 'Content-Length,Content-Range'); // event.headers.append('Access-Control-Expose-Headers', 'Content-Length,Content-Range');
event.headers.append('Access-Control-Max-Age', '600'); // event.headers.append('Access-Control-Max-Age', '600');
event.headers.append('crossOriginResourcePolicy', 'same-origin'); // event.headers.append('crossOriginResourcePolicy', 'same-origin');
event.headers.append('crossOriginOpenerPolicy', 'same-origin'); // event.headers.append('crossOriginOpenerPolicy', 'same-origin');
event.headers.append('crossOriginEmbedderPolicy', 'require-corp'); // event.headers.append('crossOriginEmbedderPolicy', 'require-corp');
event.headers.append('contentSecurityPolicy', "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"); // event.headers.append('contentSecurityPolicy', "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests");
event.headers.append('X-XSS-Protection', '1'); // event.headers.append('X-XSS-Protection', '1');
}) })