Refactor CORS headers to allow all origins and additional headers

2024-11-21 22:59:07 +00:00 · 2024-07-09 20:08:45 +01:00 · 2024-07-09 20:08:45 +01:00 · 3234112644
commit 3234112644
parent 0c7db14e99
3 changed files with 8 additions and 4 deletions
--- a/CommonServer/Utils/StartServer.ts
+++ b/CommonServer/Utils/StartServer.ts
@ -61,11 +61,11 @@ const setDefaultHeaders: RequestHandler = (
  }

  res.header("Access-Control-Allow-Credentials", "true");
-  res.header("Access-Control-Allow-Origin", req.headers["origin"]);
+  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS");
  res.header(
    "Access-Control-Allow-Headers",
-    "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept,Authorization",
+    "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Authorization, DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Type",
  );

  next();
--- a/CommonUI/src/Utils/Telemetry.ts
+++ b/CommonUI/src/Utils/Telemetry.ts
@ -33,7 +33,9 @@ export default class Telemetry {
      provider.addSpanProcessor(
        new BatchSpanProcessor(
          new OTLPTraceExporter({
-            url: URL.fromString(OpenTelemetryExporterOtlpEndpoint?.toString() + "/v1/traces").toString(),
+            url: URL.fromString(
+              OpenTelemetryExporterOtlpEndpoint?.toString() + "/v1/traces",
+            ).toString(),
            headers: OpenTelemetryExporterOtlpHeaders,
          }),
        ),
--- a/Ingestor/Middleware/TelemetryIngest.ts
+++ b/Ingestor/Middleware/TelemetryIngest.ts
@ -62,7 +62,9 @@ export default class TelemetryIngest {
        });

      if (!service) {
-        throw new BadRequestException("Invalid service token: "+serviceTokenInHeader);
+        throw new BadRequestException(
+          "Invalid service token: " + serviceTokenInHeader,
+        );
      }

      (req as TelemetryRequest).serviceId = service.id as ObjectID;