reptil1990/Ninjaserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔧 Fix CORS: Allow all origins for development

Browse Source 
- Simplified CORS configuration to allow all origins (*)
- Removed origin restrictions for easier development
- Fixed CORS preflight request handling
- Now allows requests from any domain including 192.168.1.96
This commit is contained in:
Carsten Graf
2025-09-08 18:02:00 +02:00
parent c347ddb7b4
commit c74bfb4394
1 changed files with 21 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
server.js
View File

@@ -48,6 +48,23 @@ const io = new Server(server, {
// MIDDLEWARE SETUP // MIDDLEWARE SETUP
// ============================================================================ // ============================================================================
// CORS Configuration - Allow all origins for development
app.use((req, res, next) => {
// Allow all origins
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS, PATCH');
res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization, X-API-Key');
res.setHeader('Access-Control-Max-Age', '86400'); // 24 hours
// Handle preflight requests
if (req.method === 'OPTIONS') {
res.status(200).end();
return;
}
next();
});
// Body Parser Middleware // Body Parser Middleware
app.use(express.json({ limit: '10mb' })); app.use(express.json({ limit: '10mb' }));
app.use(express.urlencoded({ extended: true, limit: '10mb' })); app.use(express.urlencoded({ extended: true, limit: '10mb' }));
@@ -57,7 +74,7 @@ app.use(session({
secret: process.env.SESSION_SECRET || 'kjhdizr3lhwho8fpjslgf825ß0hsd', secret: process.env.SESSION_SECRET || 'kjhdizr3lhwho8fpjslgf825ß0hsd',
resave: false, resave: false,
saveUninitialized: false, saveUninitialized: false,
cookie: { cookie: {
secure: false, // Set to true when using HTTPS secure: false, // Set to true when using HTTPS
maxAge: 24 * 60 * 60 * 1000, // 24 hours maxAge: 24 * 60 * 60 * 1000, // 24 hours
httpOnly: true // Security: prevent XSS attacks httpOnly: true // Security: prevent XSS attacks
@@ -205,7 +222,7 @@ app.use('/login', express.static('public'));
*/ */
io.on('connection', (socket) => { io.on('connection', (socket) => {
// Client connected - connection is established // Client connected - connection is established
socket.on('disconnect', () => { socket.on('disconnect', () => {
// Client disconnected - cleanup if needed // Client disconnected - cleanup if needed
}); });
@@ -271,13 +288,13 @@ server.listen(port, () => {
*/ */
process.on('SIGINT', async () => { process.on('SIGINT', async () => {
console.log('\n🛑 Server wird heruntergefahren...'); console.log('\n🛑 Server wird heruntergefahren...');
// Close server gracefully // Close server gracefully
server.close(() => { server.close(() => {
console.log('✅ Server erfolgreich heruntergefahren'); console.log('✅ Server erfolgreich heruntergefahren');
process.exit(0); process.exit(0);
}); });
// Force exit after 5 seconds if graceful shutdown fails // Force exit after 5 seconds if graceful shutdown fails
setTimeout(() => { setTimeout(() => {
console.log('⚠️ Forced shutdown after timeout'); console.log('⚠️ Forced shutdown after timeout');