Set http header for CORS in nodeinfo page (#11988)

* add Access-Control-Allow-Origin header * WellKnownServerService.tsに合わせる * update changelog --------- Co-authored-by: syuilo <[email protected]>
misskey-dev · Oct 8, 2023 · bb9f04d · bb9f04d
1 parent 8e0fb23
commit bb9f04d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -46,6 +46,7 @@
 - Enhance: WebSocket接続が多い場合のパフォーマンスを向上
 - Enhance: 不要なPostgreSQLのインデックスを削除しパフォーマンスを向上
 - Fix: 連合なしアンケートに投票をするとUpdateがリモートに配信されてしまうのを修正
+- Fix: nodeinfoにおいてCORS用のヘッダーが設定されていないのを修正
 - Fix: 同じ種類のTLのストリーミングを複数接続できない問題を修正
 
 ## 2023.9.3

diff --git a/packages/backend/src/server/NodeinfoServerService.ts b/packages/backend/src/server/NodeinfoServerService.ts
@@ -135,7 +135,11 @@ export class NodeinfoServerService {
 				.type(
 					'application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.1#"',
 				)
-				.header('Cache-Control', 'public, max-age=600');
+				.header('Cache-Control', 'public, max-age=600')
+				.header('Access-Control-Allow-Headers', 'Accept')
+				.header('Access-Control-Allow-Methods', 'GET, OPTIONS')
+				.header('Access-Control-Allow-Origin', '*')
+				.header('Access-Control-Expose-Headers', 'Vary');
 			return { version: '2.1', ...base };
 		});
 
@@ -148,7 +152,11 @@ export class NodeinfoServerService {
 				.type(
 					'application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.0#"',
 				)
-				.header('Cache-Control', 'public, max-age=600');
+				.header('Cache-Control', 'public, max-age=600')
+				.header('Access-Control-Allow-Headers', 'Accept')
+				.header('Access-Control-Allow-Methods', 'GET, OPTIONS')
+				.header('Access-Control-Allow-Origin', '*')
+				.header('Access-Control-Expose-Headers', 'Vary');
 			return { version: '2.0', ...base };
 		});