diff --git a/docker/nginx.conf b/docker/nginx.conf
index afec21e9..eb1d2817 100644
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -26,16 +26,10 @@ http {
 add_header X-Content-Type-Options nosniff always;
 add_header X-XSS-Protection "1; mode=block" always;
- add_header Access-Control-Allow-Origin $http_origin always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
- add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization" always;
- add_header Access-Control-Allow-Credentials "true" always;
-
 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
 root /usr/share/nginx/html;
 expires 1y;
 add_header Cache-Control "public, immutable";
- add_header Access-Control-Allow-Origin $http_origin always;
 try_files $uri =404;
 }
diff --git a/src/backend/dashboard.ts b/src/backend/dashboard.ts
index acf95fff..8298045f 100644
--- a/src/backend/dashboard.ts
+++ b/src/backend/dashboard.ts
@@ -29,19 +29,15 @@ app.use(
 "http://127.0.0.1:3000",
 ];
- if (origin.startsWith("https://")) {
- return callback(null, true);
- }
-
- if (origin.startsWith("http://")) {
- return callback(null, true);
- }
-
 if (allowedOrigins.includes(origin)) {
 return callback(null, true);
 }
- callback(new Error("Not allowed by CORS"));
+ if (origin.startsWith("https://")) {
+ return callback(null, true);
+ }
+
+ callback(null, true);
 },
 credentials: true,
 methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
diff --git a/src/backend/database/database.ts b/src/backend/database/database.ts
index 7bc524cd..256c2122 100644
--- a/src/backend/database/database.ts
+++ b/src/backend/database/database.ts
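Review bot: The last added line in the src/backend/dashboard.ts hunk, `callback(null, true);`, accepts every origin that falls through, so the `allowedOrigins.includes(origin)` check and the `https://` prefix check above it no longer decide anything. Combined with `credentials: true` in the same options object, this presumably lets any web page make credentialed cross-origin requests to the API and read the responses. Keep rejection as the fall-through, `callback(new Error("Not allowed by CORS"));`, and if other HTTPS deployments must be allowed, compare against a configured list of origins, since `origin.startsWith("https://")` on its own matches any HTTPS site. The same added lines appear in the hunks for src/backend/database/database.ts, src/backend/ssh/file-manager.ts, src/backend/ssh/server-stats.ts and src/backend/ssh/tunnel.ts. The origin callback starts before the hunk, so how a request without an Origin header is handled is not visible here.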
@@ -60,19 +60,15 @@ app.use(
 "http://127.0.0.1:3000",
 ];
- if (origin.startsWith("https://")) {
- return callback(null, true);
- }
-
- if (origin.startsWith("http://")) {
- return callback(null, true);
- }
-
 if (allowedOrigins.includes(origin)) {
 return callback(null, true);
 }
- callback(new Error("Not allowed by CORS"));
+ if (origin.startsWith("https://")) {
+ return callback(null, true);
+ }
+
+ callback(null, true);
 },
 credentials: true,
 methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
diff --git a/src/backend/ssh/file-manager.ts b/src/backend/ssh/file-manager.ts
index 292d5224..c8a8bbd0 100644
--- a/src/backend/ssh/file-manager.ts
+++ b/src/backend/ssh/file-manager.ts
@@ -57,19 +57,15 @@ app.use(
 "http://127.0.0.1:3000",
 ];
- if (origin.startsWith("https://")) {
- return callback(null, true);
- }
-
- if (origin.startsWith("http://")) {
- return callback(null, true);
- }
-
 if (allowedOrigins.includes(origin)) {
 return callback(null, true);
 }
- callback(new Error("Not allowed by CORS"));
+ if (origin.startsWith("https://")) {
+ return callback(null, true);
+ }
+
+ callback(null, true);
 },
 credentials: true,
 methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
diff --git a/src/backend/ssh/server-stats.ts b/src/backend/ssh/server-stats.ts
index 23722537..6325da45 100644
--- a/src/backend/ssh/server-stats.ts
+++ b/src/backend/ssh/server-stats.ts
@@ -595,19 +595,15 @@ app.use(
 "http://127.0.0.1:3000",
 ];
- if (origin.startsWith("https://")) {
- return callback(null, true);
- }
-
- if (origin.startsWith("http://")) {
- return callback(null, true);
- }
-
 if (allowedOrigins.includes(origin)) {
 return callback(null, true);
 }
- callback(new Error("Not allowed by CORS"));
+ if (origin.startsWith("https://")) {
+ return callback(null, true);
+ }
+
+ callback(null, true);
 },
 credentials: true,
 methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
diff --git a/src/backend/ssh/tunnel.ts b/src/backend/ssh/tunnel.ts
index 2fb97069..8790392e 100644
--- a/src/backend/ssh/tunnel.ts
+++ b/src/backend/ssh/tunnel.ts
@@ -33,19 +33,15 @@ app.use(
 "http://127.0.0.1:3000",
 ];
- if (origin.startsWith("https://")) {
- return callback(null, true);
- }
-
- if (origin.startsWith("http://")) {
- return callback(null, true);
- }
-
 if (allowedOrigins.includes(origin)) {
 return callback(null, true);
 }
- callback(new Error("Not allowed by CORS"));
+ if (origin.startsWith("https://")) {
+ return callback(null, true);
+ }
+
+ callback(null, true);
 },
 credentials: true,
 methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
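Review bot: The origin callback edited in src/backend/ssh/tunnel.ts is repeated line for line in the four other backend files this commit touches, so the CORS policy has to be changed in five places at once and can drift. Moving the `allowedOrigins` list and the callback into one exported function in a shared module, and passing that function to each `app.use(` call, would make a later tightening a one-file change that is easy to audit. The visible `methods` arrays already differ: this file and file-manager.ts omit `"PATCH"` while the other three include it, which is worth confirming as intentional. The enclosing `app.use(` call starts before the hunk and continues after it.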