Michilis/Nip-05-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support comma-separated CORS_HEADER for multiple origins.

Browse Source 
Parse CORS_HEADER as a list: * for all origins, or reflect matching
request Origin when multiple specific origins are configured. Add Vary:
Origin for the allowlist case. Update .env.example and CORS tests.
This commit is contained in:
Michilis
2026-05-06 20:38:28 +00:00
parent 43d78862e3
commit 5dcd671043
4 changed files with 58 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.env.example
View File

@@ -4,11 +4,10 @@ PORT=8080
ADMIN_API_KEY=change-me-to-a-long-random-string
FRONTEND_URL=https://azzamo.net/nip05
# Optional extra browser origins (comma-separated). Merged with FRONTEND_URL for CORS.
# CORS_ORIGINS=
# Allow http(s)://localhost:* and 127.0.0.1 for local UI dev hitting this API directly (not via Vite proxy).
CORS_ALLOW_LOCALHOST=true
# --- CORS ---
# Comma-separated list of allowed origins, or "*" to allow all.
# Examples: "*" | "https://azzamo.net" | "https://azzamo.net,https://other.example"
CORS_HEADER=*
# --- Database ---
DATABASE_PATH=.data/nip05.db