From 27aa9a01cb0d6792035af33efd63927d24c0bc82 Mon Sep 17 00:00:00 2001
From: LaoShui <79132480+laoshuikaixue@users.noreply.github.com>
Date: Sat, 14 Mar 2026 21:14:18 +0800
Subject: [PATCH] =?UTF-8?q?fix(cors):=20=E4=BF=AE=E5=A4=8DCORS=E6=BA=90?=
 =?UTF-8?q?=E9=AA=8C=E8=AF=81=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 移除无效的请求源回退逻辑
- 简化Vary头设置条件判断
- 优化CORS允许源验证流程
---
 server.js | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/server.js b/server.js
index 189f328..ff58fc1 100644
--- a/server.js
+++ b/server.js
@@ -153,10 +153,6 @@ function getCorsAllowOrigin(allowOrigins, requestOrigin) {
     return requestOrigin
   }
 
-  if (!requestOrigin) {
-    return allowOrigins[0] || null
-  }
-
   return null
 }
 
@@ -185,11 +181,7 @@ async function constructServer(moduleDefs) {
         allowOrigins,
         req.headers.origin,
       )
-      const shouldSetVaryHeader =
-        allowOrigins &&
-        !allowOrigins.includes('*') &&
-        req.headers.origin &&
-        corsAllowOrigin
+      const shouldSetVaryHeader = corsAllowOrigin && corsAllowOrigin !== '*'
       res.set({
         'Access-Control-Allow-Credentials': true,
         ...(corsAllowOrigin