From 46254a699a8f02afe7c379b3d97952406b3e257e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=89=8B=E7=93=9C=E4=B8=80=E5=8D=81=E9=9B=AA?=
 <nanaeonn@outlook.com>
Date: Thu, 5 Dec 2024 19:56:36 +0800
Subject: [PATCH 1/2] fix

---
 src/webui/src/middleware/cors.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/webui/src/middleware/cors.ts b/src/webui/src/middleware/cors.ts
index 8b91ddfa..3294d073 100644
--- a/src/webui/src/middleware/cors.ts
+++ b/src/webui/src/middleware/cors.ts
@@ -1,10 +1,16 @@
 import type { RequestHandler } from 'express';
 
 // CORS 中间件，跨域用
-export const cors: RequestHandler = (_, res, next) => {
-    res.header('Access-Control-Allow-Origin', '*');
+export const cors: RequestHandler = (req, res, next) => {
+    const origin = req.headers.origin || '*';
+    res.header('Access-Control-Allow-Origin', origin);
     res.header('Access-Control-Allow-Methods', '*');
     res.header('Access-Control-Allow-Headers', '*');
     res.header('Access-Control-Allow-Credentials', 'true');
+
+    if (req.method === 'OPTIONS') {
+        res.sendStatus(204);
+        return;
+    }
     next();
 };
\ No newline at end of file

From b6b7f2051b3054043913b6d7b1c9bb0c6d1f5995 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=89=8B=E7=93=9C=E4=B8=80=E5=8D=81=E9=9B=AA?=
 <nanaeonn@outlook.com>
Date: Thu, 5 Dec 2024 20:02:24 +0800
Subject: [PATCH 2/2] fix

---
 src/webui/src/middleware/cors.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/webui/src/middleware/cors.ts b/src/webui/src/middleware/cors.ts
index 3294d073..64a0d955 100644
--- a/src/webui/src/middleware/cors.ts
+++ b/src/webui/src/middleware/cors.ts
@@ -4,8 +4,8 @@ import type { RequestHandler } from 'express';
 export const cors: RequestHandler = (req, res, next) => {
     const origin = req.headers.origin || '*';
     res.header('Access-Control-Allow-Origin', origin);
-    res.header('Access-Control-Allow-Methods', '*');
-    res.header('Access-Control-Allow-Headers', '*');
+    res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+    res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
     res.header('Access-Control-Allow-Credentials', 'true');
 
     if (req.method === 'OPTIONS') {