wkadmin/the-tip-top-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add explicit OPTIONS preflight handler for CORS

Browse Source 
Add explicit handler for OPTIONS requests to ensure CORS headers
are always sent on preflight requests, fixing CORS errors on dev.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
soufiane 2025-12-07 17:33:34 +01:00
parent 6eda77e84c
commit d562f4421a
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
index.js
View File

@ -20,6 +20,32 @@ import contactRoutes from "./src/routes/contact.routes.js";
const app = express(); const app = express();
// Handler explicite pour les requêtes preflight OPTIONS
app.options('*', (req, res) => {
const allowedOrigins = [
"http://localhost:3000",
"http://localhost:3001",
"http://localhost:3002",
"http://localhost:3003",
"http://localhost:3004",
"http://localhost:3005",
"https://dsp5-archi-o24a-15m-g3.fr",
"https://dev.dsp5-archi-o24a-15m-g3.fr",
"https://preprod.dsp5-archi-o24a-15m-g3.fr"
];
const origin = req.headers.origin;
if (!origin || allowedOrigins.includes(origin)) {
res.header('Access-Control-Allow-Origin', origin || '*');
} else {
res.header('Access-Control-Allow-Origin', origin); // Autorise tout en dev
}
res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');
res.header('Access-Control-Allow-Credentials', 'true');
res.header('Access-Control-Max-Age', '86400');
res.sendStatus(204);
});
// CORS doit être configuré AVANT helmet // CORS doit être configuré AVANT helmet
app.use( app.use(
cors({ cors({