From ba8282c5e5e9a1293da4e65a452421325b471067 Mon Sep 17 00:00:00 2001
From: yazawazi <47273265+Yazawazi@users.noreply.github.com>
Date: Thu, 9 May 2024 05:25:46 +0800
Subject: [PATCH] fix: cors request
---
 backend/funix/app/__init__.py | 12 +++++++++---
 frontend/src/components/FunixFunction/InputPanel.tsx | 1 +
 frontend/src/components/FunixFunction/index.tsx | 4 +++-
 frontend/src/shared/index.ts | 5 +++++
 4 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/backend/funix/app/__init__.py b/backend/funix/app/__init__.py
index 757781b..eab6709 100644
--- a/backend/funix/app/__init__.py
+++ b/backend/funix/app/__init__.py
@@ -20,7 +20,8 @@ app.secret_key = GlobalSwitchOption.get_session_key() app.config.update( SESSION_COOKIE_PATH="/",
- SESSION_COOKIE_SAMESITE="Lax",
+ SESSION_COOKIE_SAMESITE="None",
+ SESSION_TYPE="filesystem", ) sock = Sock(app)
@@ -69,11 +70,16 @@ def privacy_policy(message: str) -> None: @app.after_request def funix_auto_cors(response: Response) -> Response:
- response.headers["Access-Control-Allow-Origin"] = "*"
+ if "HTTP_ORIGIN" not in request.environ:
+ response.headers["Access-Control-Allow-Origin"] = "*"
+ else:
+ response.headers["Access-Control-Allow-Credentials"] = "true"
+ response.headers["Access-Control-Allow-Origin"] = request.environ["HTTP_ORIGIN"] response.headers[ "Access-Control-Allow-Methods" ] = "GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE"
- response.headers["Access-Control-Allow-Headers"] = "*"
+ response.headers["Access-Control-Allow-Headers"] = "Content-Type, *"
+ return response
diff --git a/frontend/src/components/FunixFunction/InputPanel.tsx b/frontend/src/components/FunixFunction/InputPanel.tsx
index 8dcfecd..5ff4290 100644
--- a/frontend/src/components/FunixFunction/InputPanel.tsx
+++ b/frontend/src/components/FunixFunction/InputPanel.tsx
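Review bot: `SESSION_COOKIE_SAMESITE="None"` is set without `SESSION_COOKIE_SECURE=True` in the visible `app.config.update(...)` call; current browsers reject SameSite=None cookies that lack the Secure attribute, so the cross-site session this commit is after would only work over HTTPS with that flag set. I would add `SESSION_COOKIE_SECURE=True,` next to it, or keep `"Lax"` unless a cross-origin frontend is actually configured. Moving off `Lax` also removes the browser-side CSRF protection for the session cookie, so state-changing routes then depend entirely on the origin handling in `funix_auto_cors`. `SESSION_TYPE="filesystem"` is a Flask-Session setting; whether that extension is initialised is not visible in this hunk.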
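Review bot: In `funix_auto_cors` the `else` branch echoes whatever `Origin` the request carries into `Access-Control-Allow-Origin` and adds `Access-Control-Allow-Credentials: true`, which lets any website read responses to requests made with the user's session cookie. The origin should be compared against a configured allowlist before credentials are allowed, and `Vary: Origin` should be set so caches do not serve one origin's response to another. A comment on `"Content-Type, *"` would also help: in credentialed requests `*` in `Access-Control-Allow-Headers` is not treated as a wildcard, which is presumably why `Content-Type` is listed explicitly. The allowlist name below is a placeholder; no such setting is visible in the patch.

```python
# … unchanged: @app.after_request decorator and signature …
    origin = request.environ.get("HTTP_ORIGIN")
    if origin is None:
        response.headers["Access-Control-Allow-Origin"] = "*"
    elif origin in ALLOWED_ORIGINS:  # placeholder name: configured set of trusted frontends
        response.headers["Access-Control-Allow-Credentials"] = "true"
        response.headers["Access-Control-Allow-Origin"] = origin
        # Response differs per Origin, so shared caches must key on it.
        response.headers.add("Vary", "Origin")
    # … unchanged: Allow-Methods / Allow-Headers, return response …
```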
@@ -120,6 +120,7 @@ const InputPanel = (props: { "Content-Type": "application/json", }, body: JSON.stringify(formData),
+ credentials: "include", }) .then((body) => { return body.json();
diff --git a/frontend/src/components/FunixFunction/index.tsx b/frontend/src/components/FunixFunction/index.tsx
index 665c3b7..92f1e9d 100644
--- a/frontend/src/components/FunixFunction/index.tsx
+++ b/frontend/src/components/FunixFunction/index.tsx
@@ -131,7 +131,9 @@ const FunixFunction: React.FC = ({ preview, backend }) => { return; } queryLock.current = true;
- fetch(new URL(`/param/${preview.id}`, backend).toString())
+ fetch(new URL(`/param/${preview.id}`, backend).toString(), {
+ credentials: "include",
+ }) .then((body) => { return body.json(); })
diff --git a/frontend/src/shared/index.ts b/frontend/src/shared/index.ts
index 20efbfe..b8f03c0 100644
--- a/frontend/src/shared/index.ts
+++ b/frontend/src/shared/index.ts
@@ -99,6 +99,7 @@ export async function getList( return f(url, { ...init, method: "GET",
+ credentials: "include", }); }
@@ -164,6 +165,7 @@ export async function getParam( return f(url, { ...init, method: "GET",
+ credentials: "include", }); }
@@ -196,6 +198,7 @@ export async function callFunction( ...init?.headers, "Content-Type": "application/json", },
+ credentials: "include", }); }
@@ -212,6 +215,7 @@ export async function callFunctionRaw( ...init?.headers, "Content-Type": "application/json", },
+ credentials: "include", }).then((response) => response.text()); }
@@ -228,6 +232,7 @@ export async function verifyToken( ...init?.headers, "Content-Type": "application/json", },
+ credentials: "include", }).then((response) => response.success); }
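Review bot: In `getList` and `getParam` (frontend/src/shared/index.ts) the new `credentials: "include"` is written after `...init`, so a caller that passes `credentials: "omit"` or `"same-origin"` is silently overridden. If forcing cookies on every backend call is intended, a short comment such as `// always send the session cookie; the backend must allowlist this origin` would record that; otherwise put the default before the spread, `{ credentials: "include", ...init, method: "GET" }`. The same literal is added in `callFunction`, `callFunctionRaw`, `verifyToken` and in the two component `fetch` calls, where the position of any `...init` spread is outside the hunks, so the ordering there could not be checked.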