From 97e5605991a2f6b7208f1f6ba13ce83f85b6b798 Mon Sep 17 00:00:00 2001
From: wood chen <wood@czl.net>
Date: Sat, 8 Feb 2025 02:21:49 +0800
Subject: [PATCH] Enhance CORS and fetch configuration with more secure and
 flexible settings

---
 main.ts | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/main.ts b/main.ts
index 323bd57..bb6ed4e 100644
--- a/main.ts
+++ b/main.ts
@@ -552,7 +552,14 @@ const html = `<!DOCTYPE html>
 
             tbody.innerHTML = '<tr><td colspan="11" class="text-center">加载中...</td></tr>';
 
-            fetch(API_BASE_URL + '/api/prices')
+            fetch(API_BASE_URL + '/api/prices', {
+                method: 'GET',
+                mode: 'cors',
+                credentials: 'include',
+                headers: {
+                    'Accept': 'application/json'
+                }
+            })
                 .then(response => {
                     console.log('Response:', response);
                     if (!response.ok) {
@@ -861,9 +868,9 @@ function validateData(data: any): string | null {
 // 修改处理函数
 async function handler(req: Request): Promise<Response> {
     const headers = {
-        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Origin": req.headers.get("origin") || "*",
         "Access-Control-Allow-Methods": "GET, POST, OPTIONS, PUT, DELETE",
-        "Access-Control-Allow-Headers": "Content-Type, Cookie, Authorization",
+        "Access-Control-Allow-Headers": "Content-Type, Cookie, Authorization, Accept",
         "Access-Control-Allow-Credentials": "true",
         "Access-Control-Max-Age": "86400"
     };