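diff --git a/src/index.js b/src/index.js
--- a/src/index.js
+++ b/src/index.js
@@ -1,9 +1,8 @@
 import fs from "node:fs";
 import path from "node:path";
 import express from "express";
-import cookieParser from "cookie-parser";
 import cors from "cors";
 
 import sql from "./db/index.js";
 import healthRouter from "./routes/health.js";
 import { authJwt } from "./middleware/authJwt.js";
@@ -64,7 +63,7 @@
 // ✅ อยู่หลัง NPM/Reverse proxy → ให้ trust proxy เพื่อให้ cookie secure / proto ทำงานถูก
 app.set("trust proxy", 1);
 
-// CORS แบบกำหนด origin ตามรายการที่อนุญาต + อนุญาต credentials (จำเป็นสำหรับ cookie)
+// ✅ CORS สำหรับ Bearer token: ไม่ต้องใช้ credentials (ไม่มีคุกกี้)
 app.use(
 cors({
 origin(origin, cb) {
 if (!origin) return cb(null, true); // server-to-server / curl
 return cb(null, ALLOW_ORIGINS.includes(origin));
 },
- credentials: true,
+ credentials: false,
 methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
- allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With"],
+ allowedHeaders: [
+ "Content-Type",
+ "Authorization",
+ "X-Requested-With",
+ "Accept",
+ "Origin",
+ "Referer",
+ "User-Agent",
+ "Cache-Control",
+ "Pragma"
+ ],
 exposedHeaders: ["Content-Disposition", "Content-Length"],
 })
 );
 // preflight
 app.options(
 "*",
 cors({
 origin(origin, cb) {
 if (!origin) return cb(null, true);
 return cb(null, ALLOW_ORIGINS.includes(origin));
 },
- credentials: true,
+ credentials: false,
 })
 );
 
-app.use(cookieParser());
+// ❌ ไม่ต้อง parse cookie แล้ว (เราไม่ใช้คุกกี้สำหรับ auth)
+// app.use(cookieParser());
 
 // Payload limits
 app.use(express.json({ limit: "10mb" }));
 app.use(express.urlencoded({ extended: true, limit: "10mb" }));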
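Review bot: The new `allowedHeaders` list in the first `cors({...})` block includes `Origin`, `Referer` and `User-Agent`, which browsers set themselves and never send in `Access-Control-Request-Headers`, so those three entries are inert and only make the allow-list look wider than it is; keep it to what clients actually set: `allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With", "Accept", "Cache-Control", "Pragma"],`. The trailing `app.options("*", cors({...}))` block repeats the origin check but not the `methods`/`allowedHeaders` settings, and since the preceding `app.use(cors(...))` answers preflights itself by default (`preflightContinue` is false), the second block is probably never reached and will drift from the first — consider deriving both from one shared options object, or dropping it. The `trust proxy` comment still says it exists for `cookie secure`; with cookie auth removed, reword it to `// behind NPM/reverse proxy: trust one hop so req.protocol / req.ip are correct`. The commented-out `// app.use(cookieParser());` refers to an import this same commit deletes, so delete the line rather than keeping it as a comment.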