ptr.pet / endpoint
data endpoint for entity 90008 (aka. a website)
fork atom

cors

ptr.pet 253b437c 558ce2cb

verified
0/0
Waiting for spindle ...
options
unified split
Changed files
+39 -2
src
hooks.server.ts
+39 -2
src/hooks.server.ts
··· 17 removeLastVisitor 18 } from '$lib/visits'; 19 import { testUa } from '$lib/robots'; 20 - import { error } from '@sveltejs/kit'; 21 import { _fetchEntries } from './routes/(site)/guestbook/+page.server'; 22 23 const updateNowPlaying = async () => { 24 try { ··· 55 ) 56 ); 57 58 - export const handle = async ({ event, resolve }) => { 59 notifyDarkVisitors(event.url, event.request); // no await so it doesnt block 60 61 const isPrefetch = () => { ··· 103 104 return resp; 105 };
··· 17 removeLastVisitor 18 } from '$lib/visits'; 19 import { testUa } from '$lib/robots'; 20 + import { error, type Handle } from '@sveltejs/kit'; 21 import { _fetchEntries } from './routes/(site)/guestbook/+page.server'; 22 + import { sequence } from '@sveltejs/kit/hooks'; 23 24 const updateNowPlaying = async () => { 25 try { ··· 56 ) 57 ); 58 59 + const corsHandler = (allowedOrigins = ['*']) => { 60 + return async ({ event, resolve }: Parameters<Handle>[0]) => { 61 + const origin = event.request.headers.get('origin'); 62 + 63 + const corsHeaders: Record<string, string> = { 64 + 'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, PATCH, OPTIONS', 65 + 'Access-Control-Allow-Headers': 'Content-Type, Authorization', 66 + }; 67 + 68 + if (allowedOrigins.includes('*')) 69 + corsHeaders['Access-Control-Allow-Origin'] = '*'; 70 + else if (origin && allowedOrigins.includes(origin)) { 71 + corsHeaders['Access-Control-Allow-Origin'] = origin; 72 + corsHeaders['Access-Control-Allow-Credentials'] = 'true'; 73 + } 74 + 75 + if (event.request.method === 'OPTIONS') 76 + return new Response(null, { headers: corsHeaders }); 77 + 78 + const response = await resolve(event); 79 + 80 + Object.entries(corsHeaders).forEach(([key, value]) => { 81 + response.headers.set(key, value); 82 + }); 83 + 84 + return response; 85 + }; 86 + } 87 + 88 + const handler = async ({ event, resolve }: Parameters<Handle>[0]) => { 89 notifyDarkVisitors(event.url, event.request); // no await so it doesnt block 90 91 const isPrefetch = () => { ··· 133 134 return resp; 135 }; 136 + 137 + const allowedOrigins = [ 138 + "https://gaze.systems", 139 + "https://ptr.pet", 140 + "https://poor.dog", 141 + ]; 142 + export const handle = sequence(corsHandler(allowedOrigins), handler);