diff options
| author | Fuwn <[email protected]> | 2026-04-18 08:55:21 +0000 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-04-18 08:55:21 +0000 |
| commit | 9aed8f08cd599114515300acd03544b6a6d222d8 (patch) | |
| tree | 0204322f5bed43fee860cd74af0590729c77b347 | |
| parent | fix(api): gate badge click-count on Origin and fix 401 response reuse (diff) | |
| download | due.moe-9aed8f08cd599114515300acd03544b6a6d222d8.tar.xz due.moe-9aed8f08cd599114515300acd03544b6a6d222d8.zip | |
fix(cdn): preserve upstream headers alongside CORS and cache overrides
The response was built with `{ "Cache-Control": ..., "Access-Control-
Allow-Origin": ..., ...response.headers }`. Spreading a Headers
instance into a plain object does not expand into own properties, so
upstream headers (including Content-Type) were dropped on the floor.
Build a Headers copy of the upstream response and .set() the overrides
on it, so Content-Type and friends survive alongside the locked-down
CORS origin and long cache policy.
| -rw-r--r-- | apps/cdn/index.ts | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/apps/cdn/index.ts b/apps/cdn/index.ts index e0d63db5..63b6e798 100644 --- a/apps/cdn/index.ts +++ b/apps/cdn/index.ts @@ -99,14 +99,16 @@ const handleRequest = async (originalRequest) => { // ); // } + const responseHeaders = new Headers(response.headers); + responseHeaders.set( + "Cache-Control", + "public, immutable, s-maxage=31536000, max-age=31536000, stale-while-revalidate=60", + ); + responseHeaders.set("Access-Control-Allow-Origin", "https://due.moe"); + return new Response(response.body, { status: response.status, statusText: response.statusText, - headers: { - "Cache-Control": - "public, immutable, s-maxage=31536000, max-age=31536000, stale-while-revalidate=60", - "Access-Control-Allow-Origin": "https://due.moe", - ...response.headers, - }, + headers: responseHeaders, }); }; |