
Commit 0d295cd

committed
Fix CORS preflight handler order and response code
1 parent 6f87e49 commit 0d295cd

2 files changed

Lines changed: 27 additions & 2 deletions


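--- a/api/app.js
+++ b/api/app.js
@@ -31,7 +31,20 @@ app.use(
 "Accept",
 "Origin",
 "X-Requested-With",
+"x-request-timeout",
+"X-Request-Timeout",
+"Access-Control-Allow-Headers",
+"Access-Control-Allow-Origin",
+"Cache-Control",
+"Pragma",
+"X-HTTP-Method-Override",
+"X-Forwarded-For",
+"X-Real-IP",
+"User-Agent",
+"Referer"
 ],
+exposedHeaders: ["Content-Length", "Content-Type"],
+maxAge: 86400, // 24 hours
 })
 );
 
@@ -46,7 +59,19 @@ const publicLimiter = rateLimit({
 
 app.use("/api", publicLimiter);
 
-// Handle preflight requests
+// Specific handler for deliveries preflight (must come before general options handler)
+app.options("/api/deliveries", (req, res) => {
+res.header("Access-Control-Allow-Origin", req.headers.origin || "*");
+res.header("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,PATCH,OPTIONS");
+res.header("Access-Control-Allow-Headers",
+"Content-Type,Authorization,Accept,Origin,X-Requested-With,x-request-timeout,X-Request-Timeout,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Cache-Control,Pragma,X-HTTP-Method-Override,X-Forwarded-For,X-Real-IP,User-Agent,Referer"
+);
+res.header("Access-Control-Allow-Credentials", "true");
+res.header("Access-Control-Max-Age", "86400");
+res.sendStatus(204); // Use 204 No Content for preflight
+});
+
+// Handle preflight requests (general fallback)
 app.options("*", cors());
 
 app.use("/api/auth", authRoutes);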
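Review bot: The new `/api/deliveries` preflight handler echoes whatever `Origin` the request carries (`req.headers.origin || "*"`) and also sends `Access-Control-Allow-Credentials: true`, so the preflight for this route is approved for any origin with credentials, independent of the origin policy in the `cors({...})` options, whose start is outside the hunk. The `"*"` fallback is not accepted by browsers together with credentials, and a reflected origin should be accompanied by `Vary: Origin` so a cache cannot hand one origin's preflight answer to another. I would drop the hand-written headers and reuse the shared policy: hoist the options object into a constant and register `app.options("/api/deliveries", cors(corsOptions));` (`corsOptions` being that hoisted constant), which also removes the second, hand-maintained copy of the allowed-headers list. That list now admits `X-Forwarded-For`, `X-Real-IP` and `X-HTTP-Method-Override` from browser callers; if `publicLimiter` or any route trusts those headers for client identity or method selection, that should be confirmed before they are allowed cross-origin.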

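--- a/api/test.rest
+++ b/api/test.rest
@@ -1,7 +1,7 @@
 # Delivery Tracking API Email Test Suite
 # Focused on email functionality testing with real emails
 
-@baseUrl = http://localhost:5000/api
+@baseUrl = https://aegis-express-api.onrender.com/api
 @token = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjY4YTQwY2UxZWZiYTQ1ZTc1NjVmODUwMCIsInJvbGUiOiJhZG1pbiIsImlhdCI6MTc1NjM1NDI1MSwiZXhwIjoxNzU2OTU5MDUxfQ.uNGdd3X4jd-QnFZ0yiMwQ2osAcnntZEP_MnvpwxrKcs
 @deliveryId = 68b03e2dc3158b77359b0159
 @trackingCode = AGL2234712819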
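Review bot: The `@token` line that this hunk keeps as context is a complete JWT checked into the repository, and with `@baseUrl` now pointing at the hosted API instead of localhost the file pairs a committed credential with the deployment it may be valid against. Its payload segment decodes to an admin role claim, so it should be treated as exposed: remove it from the file and, if the service could still accept it, rotate the signing secret so it stops validating. Keep the value out of version control, for example `@token = {{$dotenv API_TOKEN}}` with the `.env` file git-ignored (VS Code REST Client syntax; `API_TOKEN` is a placeholder name). The header comment says the suite sends real emails, which is worth reconsidering now that the default target is the live service rather than a local instance.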
