From d297d6038ad9582df827d7099a68d44c7951127b Mon Sep 17 00:00:00 2001
From: QSchlegel
Date: Mon, 22 Sep 2025 14:54:39 +0200
Subject: [PATCH] feat(cors): add cache-busting headers and enhance CORS middleware options
---
 src/lib/cors.ts | 11 +++++++++++
 src/pages/api/v1/walletIds.ts | 5 ++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/lib/cors.ts b/src/lib/cors.ts
index 89e4037d..024ea3d7 100644
--- a/src/lib/cors.ts
+++ b/src/lib/cors.ts
@@ -1,5 +1,6 @@
 import Cors from "cors";
 import initMiddleware from "./init-middleware";
+import type { NextApiResponse } from "next";
 const rawOrigins = process.env.CORS_ORIGINS || "";
 const allowedOrigins =
@@ -10,6 +11,8 @@ export const cors = initMiddleware(
 methods: ["GET", "POST", "OPTIONS"],
 allowedHeaders: ["Content-Type", "Authorization"],
 credentials: true,
+ optionsSuccessStatus: 200, // Some legacy browsers choke on 204
+ preflightContinue: false,
 origin: function (
 origin: string | undefined,
 callback: (err: Error | null, allow?: boolean) => void,
@@ -55,3 +58,11 @@ export const cors = initMiddleware(
 },
 }),
 );
+
+// Helper function to add cache-busting headers for CORS
+export function addCorsCacheBustingHeaders(res: NextApiResponse) {
+ res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
+ res.setHeader('Pragma', 'no-cache');
+ res.setHeader('Expires', '0');
+ res.setHeader('Vary', 'Origin');
+}
diff --git a/src/pages/api/v1/walletIds.ts b/src/pages/api/v1/walletIds.ts
index 8fe00041..06daa10a 100644
--- a/src/pages/api/v1/walletIds.ts
+++ b/src/pages/api/v1/walletIds.ts
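Review bot: In src/lib/cors.ts, the added `preflightContinue: false` has no comment, although it is the option that decides who answers the preflight. It is also the cors package's default, so the line changes nothing at runtime: the middleware ends OPTIONS requests itself, now with the `optionsSuccessStatus` set on the line above. Whether the `req.method === "OPTIONS"` branch in walletIds.ts is still reached for preflights depends on `initMiddleware`, which is not visible here. A comment such as `// cors answers the preflight itself; handlers are not expected to see it` would make the intent checkable. The options object starts and ends outside the hunk.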
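Review bot: In src/lib/cors.ts, `res.setHeader('Vary', 'Origin')` in `addCorsCacheBustingHeaders` replaces any `Vary` value already on the response, so an earlier value such as `Accept-Encoding` is lost if the helper runs after other code. Merging is safer: `const prior = res.getHeader("Vary");` then `res.setHeader("Vary", prior ? String(prior) + ", Origin" : "Origin");`. The comment should also say why the headers are needed: with `credentials: true` and a per-origin allow decision, a response cached for one origin must not be served to another. It is worth stating there that these headers do not touch the browser's preflight cache, which is governed by `Access-Control-Max-Age`. The helper uses single quotes and no return type where the surrounding file uses double quotes; `): void {` with double quotes would match.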
@@ -2,12 +2,15 @@ import { NextApiRequest, NextApiResponse } from "next";
 import { createCaller } from "@/server/api/root";
 import { db } from "@/server/db";
 import { verifyJwt } from "@/lib/verifyJwt";
-import { cors } from "@/lib/cors";
+import { cors, addCorsCacheBustingHeaders } from "@/lib/cors";
 export default async function handler(
 req: NextApiRequest,
 res: NextApiResponse,
 ) {
+ // Add cache-busting headers for CORS
+ addCorsCacheBustingHeaders(res);
+
 await cors(req, res);
 if (req.method === "OPTIONS") {
 return res.status(200).end();
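Review bot: In walletIds.ts the no-store headers are opt-in per handler, so any other route that goes through `cors` but omits `addCorsCacheBustingHeaders(res)` stays cacheable; this commit changes only this one route. Setting the headers inside the exported `cors` wrapper in src/lib/cors.ts would apply them wherever CORS is applied. It would also remove the need to place the call before `await cors(req, res)`, which matters if the middleware ends preflight responses itself. If the per-handler call is kept, the comment could give the reason instead of repeating the function name, e.g. `// Per-origin (and presumably per-user) response: keep it out of browser and proxy caches`. The handler body continues outside the hunk.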