ptr.pet
+39
-2
src/hooks.server.ts
+39
-2
src/hooks.server.ts
···
17
17
removeLastVisitor
18
18
} from '$lib/visits';
19
19
import { testUa } from '$lib/robots';
20
-
import { error } from '@sveltejs/kit';
20
+
import { error, type Handle } from '@sveltejs/kit';
21
21
import { _fetchEntries } from './routes/(site)/guestbook/+page.server';
22
+
import { sequence } from '@sveltejs/kit/hooks';
22
23
23
24
const updateNowPlaying = async () => {
24
25
try {
···
55
56
)
56
57
);
57
58
58
-
export const handle = async ({ event, resolve }) => {
59
+
const corsHandler = (allowedOrigins = ['*']) => {
60
+
return async ({ event, resolve }: Parameters<Handle>[0]) => {
61
+
const origin = event.request.headers.get('origin');
62
+
63
+
const corsHeaders: Record<string, string> = {
64
+
'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
65
+
'Access-Control-Allow-Headers': 'Content-Type, Authorization',
66
+
};
67
+
68
+
if (allowedOrigins.includes('*'))
69
+
corsHeaders['Access-Control-Allow-Origin'] = '*';
70
+
else if (origin && allowedOrigins.includes(origin)) {
71
+
corsHeaders['Access-Control-Allow-Origin'] = origin;
72
+
corsHeaders['Access-Control-Allow-Credentials'] = 'true';
73
+
}
74
+
75
+
if (event.request.method === 'OPTIONS')
76
+
return new Response(null, { headers: corsHeaders });
77
+
78
+
const response = await resolve(event);
79
+
80
+
Object.entries(corsHeaders).forEach(([key, value]) => {
81
+
response.headers.set(key, value);
82
+
});
83
+
84
+
return response;
85
+
};
86
+
}
87
+
88
+
const handler = async ({ event, resolve }: Parameters<Handle>[0]) => {
59
89
notifyDarkVisitors(event.url, event.request); // no await so it doesnt block
60
90
61
91
const isPrefetch = () => {
···
103
133
104
134
return resp;
105
135
};
136
+
137
+
const allowedOrigins = [
138
+
"https://gaze.systems",
139
+
"https://ptr.pet",
140
+
"https://poor.dog",
141
+
];
142
+
export const handle = sequence(corsHandler(allowedOrigins), handler);