befly 3.4.14 → 3.4.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/middleware.ts +33 -1
- package/package.json +2 -2
package/lib/middleware.ts
CHANGED
|
@@ -50,13 +50,45 @@ export interface CorsResult {
|
|
|
50
50
|
/**
|
|
51
51
|
* 设置 CORS 选项
|
|
52
52
|
* 根据环境变量或请求头动态设置跨域配置
|
|
53
|
+
*
|
|
54
|
+
* 注意:Access-Control-Allow-Origin 只能返回单个源,不能用逗号分隔多个源
|
|
55
|
+
* 如果配置了多个允许的源,需要根据请求的 Origin 动态返回匹配的源
|
|
56
|
+
*
|
|
53
57
|
* @param req - 请求对象
|
|
54
58
|
* @returns CORS 配置对象
|
|
55
59
|
*/
|
|
56
60
|
export const setCorsOptions = (req: Request): CorsResult => {
|
|
61
|
+
const requestOrigin = req.headers.get('origin');
|
|
62
|
+
let allowedOrigin = '*';
|
|
63
|
+
|
|
64
|
+
// 如果配置了 ALLOWED_ORIGIN
|
|
65
|
+
if (Env.ALLOWED_ORIGIN) {
|
|
66
|
+
// 如果配置为 *,使用请求的 origin(而不是返回 *)
|
|
67
|
+
if (Env.ALLOWED_ORIGIN === '*') {
|
|
68
|
+
allowedOrigin = requestOrigin || '*';
|
|
69
|
+
} else {
|
|
70
|
+
// 支持多个源,用逗号分隔
|
|
71
|
+
const allowedOrigins = Env.ALLOWED_ORIGIN.split(',').map((origin) => origin.trim());
|
|
72
|
+
|
|
73
|
+
// 如果请求的 origin 在允许列表中,返回该 origin
|
|
74
|
+
if (requestOrigin && allowedOrigins.includes(requestOrigin)) {
|
|
75
|
+
allowedOrigin = requestOrigin;
|
|
76
|
+
} else if (allowedOrigins.length === 1) {
|
|
77
|
+
// 如果只配置了一个源,直接使用
|
|
78
|
+
allowedOrigin = allowedOrigins[0];
|
|
79
|
+
} else {
|
|
80
|
+
// 多个源但请求源不在列表中,不允许跨域
|
|
81
|
+
allowedOrigin = 'null';
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
} else if (requestOrigin) {
|
|
85
|
+
// 没有配置 ALLOWED_ORIGIN,使用请求的 origin
|
|
86
|
+
allowedOrigin = requestOrigin;
|
|
87
|
+
}
|
|
88
|
+
|
|
57
89
|
return {
|
|
58
90
|
headers: {
|
|
59
|
-
'Access-Control-Allow-Origin':
|
|
91
|
+
'Access-Control-Allow-Origin': allowedOrigin,
|
|
60
92
|
'Access-Control-Allow-Methods': Env.ALLOWED_METHODS || 'GET, POST, PUT, DELETE, OPTIONS',
|
|
61
93
|
'Access-Control-Allow-Headers': Env.ALLOWED_HEADERS || 'Content-Type, Authorization, authorization, token',
|
|
62
94
|
'Access-Control-Expose-Headers': Env.EXPOSE_HEADERS || 'Content-Range, X-Content-Range, Authorization, authorization, token',
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "befly",
|
|
3
|
-
"version": "3.4.
|
|
3
|
+
"version": "3.4.15",
|
|
4
4
|
"description": "Befly - 为 Bun 专属打造的 TypeScript API 接口框架核心引擎",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"private": false,
|
|
@@ -81,5 +81,5 @@
|
|
|
81
81
|
"ora": "^9.0.0",
|
|
82
82
|
"pathe": "^2.0.3"
|
|
83
83
|
},
|
|
84
|
-
"gitHead": "
|
|
84
|
+
"gitHead": "f7fad19e6c07b776a4a3c1aa83d09497ababb719"
|
|
85
85
|
}
|