diff --git a/infra/workers/files/src/index.ts b/infra/workers/files/src/index.ts
index 2592d39ce6..e855dca243 100644
--- a/infra/workers/files/src/index.ts
+++ b/infra/workers/files/src/index.ts
@@ -17,16 +17,12 @@ export default {
 const handleOPTIONS = (request: Request) => {
 const origin = request.headers.get("Origin");
 if (!isAllowedOrigin(origin)) console.warn("Unknown origin", origin);
- const headers = request.headers.get("Access-Control-Request-Headers");
- if (!areAllowedHeaders(headers))
- console.warn("Unknown header in list", headers);
 return new Response("", {
 headers: {
 "Access-Control-Allow-Origin": "*",
 "Access-Control-Allow-Methods": "GET, OPTIONS",
+ "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package",
 "Access-Control-Max-Age": "86400",
- // "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package",
- "Access-Control-Allow-Headers": "*",
 },
 });
 };
@@ -48,16 +44,6 @@ const isAllowedOrigin = (origin: string | null) => {
 }
 };
-const areAllowedHeaders = (headers: string | null) => {
- const allowed = ["x-auth-token", "x-client-package"];
-
- if (!headers) return true;
- for (const header of headers.split(",")) {
- if (!allowed.includes(header.trim().toLowerCase())) return false;
- }
- return true;
-};
-
 const handleGET = async (request: Request) => {
 const url = new URL(request.url);
diff --git a/infra/workers/public-albums/src/index.ts b/infra/workers/public-albums/src/index.ts
index 0b679c965f..505a474635 100644
--- a/infra/workers/public-albums/src/index.ts
+++ b/infra/workers/public-albums/src/index.ts
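Review bot: With the header list in `handleOPTIONS` now enforced by the browser, dropping the `Access-Control-Request-Headers` check also drops the only server-side trace of a client asking for a header that is not listed. Under the old `"*"` an unlisted header still worked; after this change the preflight is rejected in the browser and nothing visible in this hunk logs it. Consider keeping the warning and building both the check and the response value from one constant, e.g. `const allowedHeaders = ["X-Auth-Token", "X-Client-Package"];` with `"Access-Control-Allow-Headers": allowedHeaders.join(", ")`, so the enforced list and the log cannot drift apart. The same applies to the `handleOPTIONS` hunks in public-albums, thumbnails and uploader.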
@@ -17,17 +17,13 @@ export default {
 const handleOPTIONS = (request: Request) => {
 const origin = request.headers.get("Origin");
 if (!isAllowedOrigin(origin)) console.warn("Unknown origin", origin);
- const headers = request.headers.get("Access-Control-Request-Headers");
- if (!areAllowedHeaders(headers))
- console.warn("Unknown header in list", headers);
 return new Response("", {
 headers: {
 "Access-Control-Allow-Origin": "*",
 "Access-Control-Allow-Methods": "GET, OPTIONS",
+ "Access-Control-Allow-Headers":
+ "X-Auth-Access-Token, X-Auth-Access-Token-JWT, X-Client-Package",
 "Access-Control-Max-Age": "86400",
- // "Access-Control-Allow-Headers": "X-Auth-Access-Token, X-Auth-Access-Token-JWT",
- // "Access-Control-Allow-Headers": "X-Auth-Access-Token, X-Auth-Access-Token-JWT, x-client-package",
- "Access-Control-Allow-Headers": "*",
 },
 });
 };
@@ -45,21 +41,6 @@ const isAllowedOrigin = (origin: string | null) => {
 }
 };
-const areAllowedHeaders = (headers: string | null) => {
- // TODO(MR): Stop sending "x-client-package"
- const allowed = [
- "x-auth-access-token",
- "x-auth-access-token-jwt",
- "x-client-package",
- ];
-
- if (!headers) return true;
- for (const header of headers.split(",")) {
- if (!allowed.includes(header.trim().toLowerCase())) return false;
- }
- return true;
-};
-
 const handleGET = async (request: Request) => {
 const url = new URL(request.url);
diff --git a/infra/workers/thumbnails/src/index.ts b/infra/workers/thumbnails/src/index.ts
index 9b1876f38c..9fc23fa52b 100644
--- a/infra/workers/thumbnails/src/index.ts
+++ b/infra/workers/thumbnails/src/index.ts
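Review bot: The `TODO(MR): Stop sending "x-client-package"` note disappears together with `areAllowedHeaders`, while `X-Client-Package` stays in the new `Access-Control-Allow-Headers` value in `handleOPTIONS` with no explanation. If the intent still holds, carry the note over next to the header value, e.g. `// TODO(MR): Stop sending "X-Client-Package", then drop it from this list.` Without it the entry reads as a permanent part of the allowlist, and an allowlist that is now enforced is worth keeping as short as the clients allow.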
@@ -17,16 +17,12 @@ export default {
 const handleOPTIONS = (request: Request) => {
 const origin = request.headers.get("Origin");
 if (!isAllowedOrigin(origin)) console.warn("Unknown origin", origin);
- const headers = request.headers.get("Access-Control-Request-Headers");
- if (!areAllowedHeaders(headers))
- console.warn("Unknown header in list", headers);
 return new Response("", {
 headers: {
 "Access-Control-Allow-Origin": "*",
 "Access-Control-Allow-Methods": "GET, OPTIONS",
+ "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package",
 "Access-Control-Max-Age": "86400",
- // "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package",
- "Access-Control-Allow-Headers": "*",
 },
 });
 };
@@ -48,16 +44,6 @@ const isAllowedOrigin = (origin: string | null) => {
 }
 };
-const areAllowedHeaders = (headers: string | null) => {
- const allowed = ["x-auth-token", "x-client-package"];
-
- if (!headers) return true;
- for (const header of headers.split(",")) {
- if (!allowed.includes(header.trim().toLowerCase())) return false;
- }
- return true;
-};
-
 const handleGET = async (request: Request) => {
 const url = new URL(request.url);
diff --git a/infra/workers/uploader/src/index.ts b/infra/workers/uploader/src/index.ts
index 65a2161641..fb811924be 100644
--- a/infra/workers/uploader/src/index.ts
+++ b/infra/workers/uploader/src/index.ts
@@ -23,17 +23,14 @@ export default {
 const handleOPTIONS = (request: Request) => {
 const origin = request.headers.get("Origin");
 if (!isAllowedOrigin(origin)) console.warn("Unknown origin", origin);
- const headers = request.headers.get("Access-Control-Request-Headers");
- if (!areAllowedHeaders(headers))
- console.warn("Unknown header in list", headers);
 return new Response("", {
 headers: {
 "Access-Control-Allow-Origin": "*",
 "Access-Control-Allow-Methods": "POST, PUT, OPTIONS",
- "Access-Control-Max-Age": "86400",
- // "Access-Control-Allow-Headers": "Content-Type", "UPLOAD-URL, X-Client-Package",
- "Access-Control-Allow-Headers": "*",
+ "Access-Control-Allow-Headers":
+ "Content-Type, UPLOAD-URL, X-Client-Package",
 "Access-Control-Expose-Headers": "X-Request-Id, CF-Ray",
+ "Access-Control-Max-Age": "86400",
 },
 });
 };
@@ -55,16 +52,6 @@ const isAllowedOrigin = (origin: string | null) => {
 }
 };
-const areAllowedHeaders = (headers: string | null) => {
- const allowed = ["content-type", "upload-url", "x-client-package"];
-
- if (!headers) return true;
- for (const header of headers.split(",")) {
- if (!allowed.includes(header.trim().toLowerCase())) return false;
- }
- return true;
-};
-
 const handlePOSTOrPUT = async (request: Request) => {
 const url = new URL(request.url);
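Review bot: `Access-Control-Expose-Headers` is kept in the preflight response of `handleOPTIONS` and only reordered, but browsers read that header from the actual response rather than from the preflight, so here it most likely has no effect. If page scripts need to read `X-Request-Id` and `CF-Ray`, the header has to be present on the POST/PUT response. `handlePOSTOrPUT` continues outside this hunk, so please confirm it sets the header. Then either remove it from the preflight or mark it with a comment such as `// No effect on a preflight response; kept for parity with the upload response.`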