From: PhiTux
Date: Thu, 9 Oct 2025 14:04:35 +0000 (+0200)
Subject: changes in cors
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=36ccc40930d65f64fa971aee8b51f3b7e0872954;p=DailyTxT.git
changes in cors
---
diff --git a/backend/main.go b/backend/main.go
index 6b087cf..30ae34d 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -128,9 +128,16 @@ func main() {
 rootMux := http.NewServeMux()
 rootMux.Handle("/api/", http.StripPrefix("/api", api))
+ var handler http.Handler = rootMux
+
 // Create a handler chain with Timeout, Logger and CORS middleware
 // Timeout middleware will be executed first, then Logger, then CORS
- handler := timeoutMiddleware(middleware.Logger(middleware.CORS(rootMux)))
+ if len(utils.Settings.AllowedHosts) == 0 {
+ logger.Println("Warning: ALLOWED_HOSTS is empty, CORS will not allow any cross-origin requests")
+ } else {
+ handler = middleware.CORS(rootMux)
+ }
+ handler = timeoutMiddleware(middleware.Logger(handler))
 // Create the server without ReadTimeout/WriteTimeout (managed by middleware)
 server := &http.Server{
diff --git a/backend/middleware/middleware.go b/backend/middleware/middleware.go
index 7307233..2907cad 100644
--- a/backend/middleware/middleware.go
+++ b/backend/middleware/middleware.go
@@ -3,6 +3,7 @@ package middleware
 import (
 "context"
 "net/http"
+ "slices"
 "strings"
 "time"
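Review bot: In the backend/main.go hunk the new `if len(utils.Settings.AllowedHosts) == 0` branch fixes at startup whether `middleware.CORS` is in the chain, although the middleware re-reads `utils.Settings.AllowedHosts` on every request and an empty list already matches no origin. If the settings can be reloaded while the process runs (not visible here), origins added later would be ignored until a restart, and whatever else CORS() does outside its hunk, such as preflight handling, is skipped as well. I would keep `handler := timeoutMiddleware(middleware.Logger(middleware.CORS(rootMux)))` unconditional and leave only the `logger.Println` call inside the `if`. The warning could also read "no CORS headers will be sent", because cross-origin requests still reach the API and CORS only limits what a browser lets the calling page read. main() starts and continues outside the hunk.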
@@ -16,19 +17,12 @@ func CORS(next http.Handler) http.Handler {
 origin := r.Header.Get("Origin")
 // Check if origin is in allowed hosts
- allowed := false
- for _, host := range utils.Settings.AllowedHosts {
- if origin == host {
- allowed = true
- break
- }
- }
+ allowed := slices.Contains(utils.Settings.AllowedHosts, origin)
 // Set CORS headers if origin is allowed
 if allowed {
 w.Header().Set("Access-Control-Allow-Origin", origin)
 w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
- w.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")
 w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, Content-Disposition")
 w.Header().Set("Access-Control-Allow-Credentials", "true")
 }
diff --git a/backend/utils/helpers.go b/backend/utils/helpers.go
index 39fcfc8..664cdb5 100644
--- a/backend/utils/helpers.go
+++ b/backend/utils/helpers.go
@@ -99,7 +99,7 @@ func InitSettings() error {
 Development: false,
 SecretToken: GenerateSecretToken(),
 LogoutAfterDays: 30,
- AllowedHosts: []string{"http://localhost:5173", "http://127.0.0.1:5173"},
+ AllowedHosts: []string{},
 Indent: 0,
 AllowRegistration: false,
 }
diff --git a/frontend/src/i18n/de.json b/frontend/src/i18n/de.json
index 5d8fb64..99c3337 100644
--- a/frontend/src/i18n/de.json
+++ b/frontend/src/i18n/de.json
@@ -288,6 +288,7 @@
 "installation_help": "Du kannst DailyTxT auch wie eine App installieren. Das geht über die Einstellungen des Browsers, wird aber nicht von jedem Browser unterstützt. Aktuell wurde keine Installation erkannt.
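Review bot: The `if allowed` block in CORS() (backend/middleware/middleware.go) echoes the request's Origin into `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`, but none of the visible lines sets `Vary: Origin`. Without it, a cache in front of the API may reuse a response carrying one origin's allow header for a request from another origin. Adding `w.Header().Add("Vary", "Origin")` before the `if allowed` check covers both the allowed and the rejected case. CORS() starts and ends outside the hunk, so the header may already be set elsewhere.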
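Review bot: `AllowedHosts` in InitSettings() (backend/utils/helpers.go) now defaults to an empty list, and nothing at the field says what an entry must look like. The middleware compares entries exactly with the Origin header, so a bare host name or an origin with a trailing slash never matches; I would add a comment like `// AllowedHosts: full origins (scheme://host[:port]), matched exactly against the Origin header; empty sends no CORS headers.` The removed defaults were the local dev-server origins, so a development setup now has to list them explicitly, which is worth a line in the setup docs. InitSettings() continues outside the hunk.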
\n",
 "language": "Sprache",
 "language_auto_detect": "Sprache anhand des Browsers ermitteln. Aktuell:",
+ "language.help_translate": "Deine Sprache ist nicht enthalten? Dann hilf mit bei der Übersetzung! Infos dazu findest du hier:",
 "language_not_available": "Die Sprache {browserLanguage} ist nicht verfügbar. Es wird die Standardsprache {defaultLanguage} verwendet.",
 "language.reload_info": "Manche Änderungen werden erst nach einem Neuladen der Seite sichtbar.",
 "language_X_used": "wird verwendet",
diff --git a/frontend/src/i18n/en.json b/frontend/src/i18n/en.json
index a54a90d..badf74a 100644
--- a/frontend/src/i18n/en.json
+++ b/frontend/src/i18n/en.json
@@ -288,6 +288,7 @@
 "installation_help": "You can also install DailyTxT like an app. This is done through the browser settings, but it is not supported by every browser. Currently, no installation has been detected.
\n",
 "language": "Language",
 "language_auto_detect": "Determine language based on the browser. Currently:",
+ "language.help_translate": "Your language is not included? Then help to translate! You can find information about this here:",
 "language_not_available": "The language {browserLanguage} is not available. The default language {defaultLanguage} is used.",
 "language.reload_info": "Some changes only become visible after reloading the page.",
 "language_X_used": "is used",
diff --git a/nginx/default.conf b/nginx/default.conf
index 76e64c2..e11e6e3 100644
--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -21,7 +21,8 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 600s; # allow long-running exports/uploads
+ proxy_set_header Origin $http_origin;
+ proxy_read_timeout 6000s; # allow long-running exports/uploads
 }
 # Service worker, manifest and assets should be served as-is
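Review bot: `proxy_read_timeout 6000s` lets every request proxied by this location wait up to 100 minutes for the backend, ten times the previous value, and the commit message does not say why. The backend/main.go hunk shows the Go server runs without ReadTimeout/WriteTimeout and relies on its timeout middleware, so a stalled upstream response can hold a proxy connection for that whole window. I would keep `proxy_read_timeout 600s;` here and give the long limit only to a separate location for the export and upload routes. `proxy_set_header Origin $http_origin;` looks redundant, since nginx forwards client request headers unchanged unless a directive overrides them; if it works around something, a comment saying what would help. The location block starts outside the hunk.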