From e65f84aa22b5960391c5649d57c8ff41564ac106 Mon Sep 17 00:00:00 2001
From: Sunwuyuan <sun@wuyuan.dev>
Date: Sat, 6 Dec 2025 13:41:40 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=9B=B4=E6=96=B0CORS=E9=85=8D?=
 =?UTF-8?q?=E7=BD=AE=EF=BC=8C=E5=85=81=E8=AE=B8=E8=B7=A8=E5=9F=9F=E8=AF=B7?=
 =?UTF-8?q?=E6=B1=82=E6=90=BA=E5=B8=A6=E5=87=AD=E8=AF=81=E5=92=8C=E8=87=AA?=
 =?UTF-8?q?=E5=AE=9A=E4=B9=89=E8=AF=B7=E6=B1=82=E5=A4=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app.js b/app.js
index 2cac0b0..4bde77f 100644
--- a/app.js
+++ b/app.js
@@ -25,6 +25,10 @@ app.use(
     cors({
         exposedHeaders: ["ratelimit-policy", "retry-after", "ratelimit"], // 告诉浏览器这些响应头可以暴露
         maxAge: 86400, // 设置OPTIONS请求的结果缓存24小时(86400秒)，减少预检请求
+        credentials: true, // 允许跨域请求携带凭证
+        allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With", "Accept"], // 允许的请求头
+        methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"], // 允许的HTTP方法
+        withCredentials: true, // 允许携带cookie等凭证信息
     })
 );
 app.disable("x-powered-by");