CORS: enable credentials for allowed origins (fix cookies set from WebView)

Esdras Renan 2025-10-14 20:57:31 -03:00
parent 1e850ed11e
commit 9eb3a63e90


@ -22,6 +22,10 @@ export function applyCorsHeaders(response: NextResponse, origin: string | null,
response.headers.set("Access-Control-Allow-Origin", resolvedOrigin) response.headers.set("Access-Control-Allow-Origin", resolvedOrigin)
response.headers.set("Access-Control-Allow-Methods", methods) response.headers.set("Access-Control-Allow-Methods", methods)
response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization") response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization")
// Permite envio/recebimento de cookies em requisições cross-origin (ex.: WebView -> domínio HTTPS)
if (resolvedOrigin !== "*") {
response.headers.set("Access-Control-Allow-Credentials", "true")
}
response.headers.set("Access-Control-Max-Age", "86400") response.headers.set("Access-Control-Max-Age", "86400")
response.headers.set("Vary", "Origin") response.headers.set("Vary", "Origin")
return response return response
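Review bot: The added `if (resolvedOrigin !== "*")` guard sends `Access-Control-Allow-Credentials: true` for every non-wildcard value, so its safety rests entirely on how `resolvedOrigin` is derived, and that happens above this hunk where it is not visible. If the value can ever be the request's Origin echoed back without an exact allowlist match, or the literal `null` origin that WebViews loading local content commonly send, responses to cookie-bearing requests become readable by origins that were never meant to be trusted. I would tighten the condition to `if (resolvedOrigin !== "*" && resolvedOrigin !== "null") {` and replace the comment with something like `// Credentials are only allowed when resolvedOrigin is an exact allowlist match; never a reflected or "null" origin`. The body of applyCorsHeaders starts outside the hunk, so the allowlist logic should be confirmed against the full function before this is relied on.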