From b7649b2714cb78a8eb085dd3d3632bcebd4bf315 Mon Sep 17 00:00:00 2001
From: pagoru <pagoru@gmail.com>
Date: Sat, 14 Dec 2024 01:04:18 +0100
Subject: [PATCH] fix: allow origin to be only the same - fix #223

---
 app/server/src/modules/system/api.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/app/server/src/modules/system/api.ts b/app/server/src/modules/system/api.ts
index 799b488..6a8ea60 100644
--- a/app/server/src/modules/system/api.ts
+++ b/app/server/src/modules/system/api.ts
@@ -34,11 +34,14 @@ export const api = () => {
 
         try {
           const { url, method } = request;
-          if (method === RequestMethod.OPTIONS)
+          if (method === RequestMethod.OPTIONS) {
+            const headers = getCORSHeaders() as Headers;
+            headers.set("Access-Control-Allow-Origin", System.getConfig().url);
             return new Response(null, {
               headers: getCORSHeaders(),
               status: 204,
             });
+          }
 
           const parsedUrl = new URL(url);
 
@@ -76,6 +79,10 @@ export const api = () => {
           if (foundMethodRequest) {
             const response = await foundMethodRequest.func(request, parsedUrl);
             appendCORSHeaders(response.headers);
+            response.headers.set(
+              "Access-Control-Allow-Origin",
+              System.getConfig().url,
+            );
             return response;
           }
           if (foundRequests.length)