TerribleDev/ente
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OPTIONS

Browse Source
This commit is contained in:
Manav Rathi
2024-06-16 20:49:37 +05:30
parent ed406e7eb0
commit a4bc5fa0df
1 changed files with 49 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
infra/workers/uploader/src/index.ts
View File

@@ -7,8 +7,8 @@
export default {
async fetch(request: Request) {
switch (request.method) {
// case "OPTIONS":
// return handleOPTIONS(request);
case "OPTIONS":
return handleOPTIONS(request);
// case "GET":
// return handleGET(request);
default:
@@ -17,3 +17,50 @@ export default {
}
},
} satisfies ExportedHandler;
const handleOPTIONS = (request: Request) => {
const origin = request.headers.get("Origin");
if (!isAllowedOrigin(origin)) console.warn("Unknown origin", origin);
const headers = request.headers.get("Access-Control-Request-Headers");
if (!areAllowedHeaders(headers))
console.warn("Unknown header in list", headers);
return new Response("", {
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "POST, PUT, OPTIONS",
"Access-Control-Max-Age": "86400",
// "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package",
"Access-Control-Allow-Headers": "*",
"Access-Control-Expose-Headers": "X-Request-ID, CF-Ray",
},
});
};
const isAllowedOrigin = (origin: string | null) => {
const desktopApp = "ente://app";
const allowedHostnames = [
"web.ente.io",
"photos.ente.io",
"photos.ente.sh",
"localhost",
];
if (!origin) return false;
try {
const url = new URL(origin);
return origin == desktopApp || allowedHostnames.includes(url.hostname);
} catch {
// origin is likely an invalid URL
return false;
}
};
const areAllowedHeaders = (headers: string | null) => {
const allowed = ["x-auth-token", "x-client-package"];
if (!headers) return true;
for (const header of headers.split(",")) {
if (!allowed.includes(header.trim().toLowerCase())) return false;
}
return true;
};