diff --git a/server.js b/server.js
index 090ac81..a6271ff 100644
--- a/server.js
+++ b/server.js
@@ -48,6 +48,23 @@ const io = new Server(server, {
 // MIDDLEWARE SETUP
 // ============================================================================
 
+// CORS Configuration - Allow all origins for development
+app.use((req, res, next) => {
+ // Allow all origins
+ res.setHeader('Access-Control-Allow-Origin', '*');
+ res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS, PATCH');
+ res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization, X-API-Key');
+ res.setHeader('Access-Control-Max-Age', '86400'); // 24 hours
+
+ // Handle preflight requests
+ if (req.method === 'OPTIONS') {
+ res.status(200).end();
+ return;
+ }
+
+ next();
+});
+
 // Body Parser Middleware
 app.use(express.json({ limit: '10mb' }));
 app.use(express.urlencoded({ extended: true, limit: '10mb' }));
@@ -57,7 +74,7 @@ app.use(session({
 secret: process.env.SESSION_SECRET || 'kjhdizr3lhwho8fpjslgf825ß0hsd',
 resave: false,
 saveUninitialized: false,
- cookie: {
+ cookie: {
 secure: false, // Set to true when using HTTPS
 maxAge: 24 * 60 * 60 * 1000, // 24 hours
 httpOnly: true // Security: prevent XSS attacks
@@ -205,7 +222,7 @@ app.use('/login', express.static('public'));
 */
 io.on('connection', (socket) => {
 // Client connected - connection is established
-
+
 socket.on('disconnect', () => {
 // Client disconnected - cleanup if needed
 });
@@ -271,13 +288,13 @@ server.listen(port, () => {
 */
 process.on('SIGINT', async () => {
 console.log('\nšŸ›‘ Server wird heruntergefahren...');
-
+
 // Close server gracefully
 server.close(() => {
 console.log('āœ… Server erfolgreich heruntergefahren');
 process.exit(0);
 });
-
+
 // Force exit after 5 seconds if graceful shutdown fails
 setTimeout(() => {
 console.log('āš ļø Forced shutdown after timeout');
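Review bot: The new CORS middleware in the first hunk (`@@ -48,6 +48,23 @@`) sends `Access-Control-Allow-Origin: *` on every response with no environment check, although its comment says the setting is for development. Deployed as is, any website can read this API's responses from a visitor's browser, including requests that carry the allowed `Authorization` or `X-API-Key` headers. Restrict the header to an explicit origin allowlist and emit it only on a match, with `Vary: Origin` so caches keep per-origin responses apart. The `OPTIONS` branch also answers 200 for every path before any later middleware runs, and the `cors` option of the Socket.IO server created above the hunk is not visible here, so both should be brought in line with the same allowlist. The environment variable name in the sketch below is an example, not something the project defines.

```javascript
// Example value: CORS_ALLOWED_ORIGINS="https://app.example.test,https://admin.example.test"
const allowedOrigins = new Set(
  (process.env.CORS_ALLOWED_ORIGINS || '').split(',').map((o) => o.trim()).filter(Boolean)
);

app.use((req, res, next) => {
  const origin = req.headers.origin;
  res.vary('Origin');
  if (origin && allowedOrigins.has(origin)) {
    res.setHeader('Access-Control-Allow-Origin', origin);
    // … unchanged: Allow-Methods, Allow-Headers and Max-Age headers …
  }
  // … unchanged: preflight handling and next() …
});
```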