You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What runtime/platform is your app running on? (with version if possible)
Bun
What steps can reproduce the bug?
For example I have localhost, so in cors origin should be localhost as well. but to test if CORS is work try to replace the localhost into example.com Then try your frontend
What is the expected behavior?
It should throw an error because localhost is not accepted
What do you see instead?
It can proceed to next or can access my backend
Additional information
import { cors } from "hono/cors";
import { createMiddleware } from "hono/factory";
import logger from "../configs/winston-config";
import { ErrorTypeCode } from "../error-type";
import { getCookie } from "hono/cookie";
import { lucia } from "../configs/lucia-config";
if (!Bun.env.APP_DOMAIN) {
throw new Error("APP_DOMAIN environment variable is not set");
}
const corsForSession = cors({
origin: "example.com",
credentials: true,
});
const corsForApiKey = cors({
origin: "*",
allowHeaders: ["x-frontida-key"],
});
const corsExtension = createMiddleware(async (c, next) => {
const origin = c.req.header("origin");
logger.info(`CORS middleware: ${c.req.url} with origin of ${origin}`);
const apiKey = c.req.header("x-emerald-key");
const sessionCookie = getCookie(c, lucia.sessionCookieName);
if (apiKey && sessionCookie) {
logger.error(
"Both API key and session cookie are present, rejecting request"
);
return c.json(
{
error: "Using both API key and session cookie is forbidden",
code: ErrorTypeCode.GeneralConflict,
},
400
);
}
if (apiKey) {
c.set("authorizationType", "api-key");
logger.info("API key provided, passing request to next middleware");
return await corsForApiKey(c, next);
} else {
c.set("authorizationType", "cookie");
logger.info(
"Defaulting to session cookie, passing request to next middleware"
);
return await corsForSession(c, next);
}
});
export default corsExtension;
Be note that I can access my front end using localhost, then to access my backend is localhost/api
The text was updated successfully, but these errors were encountered:
What version of Hono are you using?
4.6.16
What runtime/platform is your app running on? (with version if possible)
Bun
What steps can reproduce the bug?
For example I have localhost, so in cors origin should be localhost as well. but to test if CORS is work try to replace the localhost into example.com Then try your frontend
What is the expected behavior?
What do you see instead?
It can proceed to next or can access my backend
Additional information
Be note that I can access my front end using localhost, then to access my backend is localhost/api
The text was updated successfully, but these errors were encountered: