changes in cors

diff --git a/backend/main.go b/backend/main.go
index 6b087cf0b194db5bad1fe62f302bd70209094152..30ae34d62cc7dc32c2358553d78177bfcdb04c31 100644 (file)
--- a/backend/main.go
+++ b/backend/main.go
@@ -128,9 +128,16 @@ func main() {
        rootMux := http.NewServeMux()
        rootMux.Handle("/api/", http.StripPrefix("/api", api))
 
+       var handler http.Handler = rootMux
+
        // Create a handler chain with Timeout, Logger and CORS middleware
        // Timeout middleware will be executed first, then Logger, then CORS
-       handler := timeoutMiddleware(middleware.Logger(middleware.CORS(rootMux)))
+       if len(utils.Settings.AllowedHosts) == 0 {
+               logger.Println("Warning: ALLOWED_HOSTS is empty, CORS will not allow any cross-origin requests")
+       } else {
+               handler = middleware.CORS(rootMux)
+       }
+       handler = timeoutMiddleware(middleware.Logger(handler))
 
        // Create the server without ReadTimeout/WriteTimeout (managed by middleware)
        server := &http.Server{

diff --git a/backend/middleware/middleware.go b/backend/middleware/middleware.go
index 7307233cad13aa61734faf723ca9dff543372218..2907cada609705425abc4544ce1257c07ca5d2fd 100644 (file)
--- a/backend/middleware/middleware.go
+++ b/backend/middleware/middleware.go
@@ -3,6 +3,7 @@ package middleware
 import (
        "context"
        "net/http"
+       "slices"
        "strings"
        "time"
 
@@ -16,19 +17,12 @@ func CORS(next http.Handler) http.Handler {
                origin := r.Header.Get("Origin")
 
                // Check if origin is in allowed hosts
-               allowed := false
-               for _, host := range utils.Settings.AllowedHosts {
-                       if origin == host {
-                               allowed = true
-                               break
-                       }
-               }
+               allowed := slices.Contains(utils.Settings.AllowedHosts, origin)
 
                // Set CORS headers if origin is allowed
                if allowed {
                        w.Header().Set("Access-Control-Allow-Origin", origin)
                        w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
-                       w.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")
                        w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, Content-Disposition")
                        w.Header().Set("Access-Control-Allow-Credentials", "true")
                }

diff --git a/backend/utils/helpers.go b/backend/utils/helpers.go
index 39fcfc8061f8274b2d34602320fad2b86cb27449..664cdb5754b30e087bfefdad02b9213ca6737ad6 100644 (file)
--- a/backend/utils/helpers.go
+++ b/backend/utils/helpers.go
@@ -99,7 +99,7 @@ func InitSettings() error {
                Development:       false,
                SecretToken:       GenerateSecretToken(),
                LogoutAfterDays:   30,
-               AllowedHosts:      []string{"http://localhost:5173", "http://127.0.0.1:5173"},
+               AllowedHosts:      []string{},
                Indent:            0,
                AllowRegistration: false,
        }

diff --git a/frontend/src/i18n/de.json b/frontend/src/i18n/de.json
index 5d8fb6467afddea89ca26b967f28fae5fb15f064..99c3337f0f329e10c6eec3bd2c2c00aed88e84f3 100644 (file)
--- a/frontend/src/i18n/de.json
+++ b/frontend/src/i18n/de.json
@@ -288,6 +288,7 @@
     "installation_help": "Du kannst DailyTxT auch wie eine App installieren. Das geht über die Einstellungen des Browsers, wird aber nicht von jedem Browser unterstützt. Aktuell wurde keine Installation erkannt.<br/> \n<ul>\n<li>Android: \"Zum Startbildschirm hinzufügen\"</li>\n<li>Apple: \"Teilen\" -> \"Zum Home-Bildschirm\"</li>\n</ul>",
     "language": "Sprache",
     "language_auto_detect": "Sprache anhand des Browsers ermitteln. Aktuell:",
+    "language.help_translate": "Deine Sprache ist nicht enthalten? Dann hilf mit bei der Übersetzung! Infos dazu findest du hier:",
     "language_not_available": "Die Sprache <code>{browserLanguage}</code> ist nicht verfügbar. Es wird die Standardsprache <code>{defaultLanguage}</code> verwendet.",
     "language.reload_info": "Manche Änderungen werden erst nach einem Neuladen der Seite sichtbar.",
     "language_X_used": "wird verwendet",

diff --git a/frontend/src/i18n/en.json b/frontend/src/i18n/en.json
index a54a90dcbdee615986d76f6d5fc46cb6e707ed42..badf74aefaa9dfb85983bad35fb307b51b477849 100644 (file)
--- a/frontend/src/i18n/en.json
+++ b/frontend/src/i18n/en.json
@@ -288,6 +288,7 @@
     "installation_help": "You can also install DailyTxT like an app. This is done through the browser settings, but it is not supported by every browser. Currently, no installation has been detected.<br/>\n<ul>\n<li>Android: \"Add to Home screen\"</li>\n<li>Apple: \"Share\" -> \"Add to Home Screen\"</li>\n</ul>",
     "language": "Language",
     "language_auto_detect": "Determine language based on the browser. Currently:",
+    "language.help_translate": "Your language is not included? Then help to translate! You can find information about this here:",
     "language_not_available": "The language <code>{browserLanguage}</code> is not available. The default language <code>{defaultLanguage}</code> is used.",
     "language.reload_info": "Some changes only become visible after reloading the page.",
     "language_X_used": "is used",

diff --git a/nginx/default.conf b/nginx/default.conf
index 76e64c2d84d23efdc193539f7a854bafc583d7ab..e11e6e3e736889f042977cc6ec1d99710c700a96 100644 (file)
--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -21,7 +21,8 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 600s; # allow long-running exports/uploads
+        proxy_set_header Origin $http_origin;
+        proxy_read_timeout 6000s; # allow long-running exports/uploads
     }
 
     # Service worker, manifest and assets should be served as-is