From bf6021a0b4e9d55e85a44eedf2b2cb8c5e07eec6 Mon Sep 17 00:00:00 2001
From: Innei <tukon479@gmail.com>
Date: Tue, 27 May 2025 00:47:16 +0800
Subject: [PATCH] fix(auth): enhance CORS support in CreateAuth handler

- Added comprehensive CORS headers to the CreateAuth function to improve cross-origin request handling.
- Configured headers for allowed origins, methods, and credentials, along with a max age for preflight requests.

Signed-off-by: Innei <tukon479@gmail.com>
---
 apps/core/src/modules/auth/auth.implement.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/apps/core/src/modules/auth/auth.implement.ts b/apps/core/src/modules/auth/auth.implement.ts
index 4762e975..beb432b3 100644
--- a/apps/core/src/modules/auth/auth.implement.ts
+++ b/apps/core/src/modules/auth/auth.implement.ts
@@ -138,7 +138,15 @@ export async function CreateAuth(
 
   const handler = async (req: IncomingMessage, res: ServerResponse) => {
     try {
-      res.setHeader('access-control-allow-credentials', 'true')
+      // cors
+      res.setHeader(
+        'Access-Control-Allow-Origin',
+        req.headers.origin || req.headers.referer || req.headers.host || '*',
+      )
+      res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
+      res.setHeader('Access-Control-Allow-Headers', 'Content-Type')
+      res.setHeader('Access-Control-Allow-Credentials', 'true')
+      res.setHeader('Access-Control-Max-Age', '86400')
 
       const clonedRequest = new IncomingMessage(req.socket)
       const handler = toNodeHandler(auth)(