MoeFurina/NeteaseCloudMusicApiEnhanced
1
0
Fork 0
mirror of https://github.com/NeteaseCloudMusicApiEnhanced/api-enhanced.git synced 2026-03-21 11:03:15 +00:00
Code Issues Packages Projects Releases Activity

fix(cors): 修复CORS源验证逻辑

Browse Source 
- 移除无效的请求源回退逻辑
- 简化Vary头设置条件判断
- 优化CORS允许源验证流程
This commit is contained in:
LaoShui 2026-03-14 21:14:18 +08:00
parent 30e522018f
commit 27aa9a01cb
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
server.js
View File

@ -153,10 +153,6 @@ function getCorsAllowOrigin(allowOrigins, requestOrigin) {
return requestOrigin return requestOrigin
} }
if (!requestOrigin) {
return allowOrigins[0] || null
}
return null return null
} }
@ -185,11 +181,7 @@ async function constructServer(moduleDefs) {
allowOrigins, allowOrigins,
req.headers.origin, req.headers.origin,
) )
const shouldSetVaryHeader = const shouldSetVaryHeader = corsAllowOrigin && corsAllowOrigin !== '*'
allowOrigins &&
!allowOrigins.includes('*') &&
req.headers.origin &&
corsAllowOrigin
res.set({ res.set({
'Access-Control-Allow-Credentials': true, 'Access-Control-Allow-Credentials': true,
...(corsAllowOrigin ...(corsAllowOrigin