Added CORS header to responses for the new endpoints.

These issue simple requests so they don't need preflight, but they do need the relevant header. Also added it to the error/redirect responses as well so that web apps get a nicer error message than "CORS failure".
ArtifactDB · May 9, 2024 · 5f58f49 · 5f58f49
1 parent ac09113
commit 5f58f49
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/src/index.js b/src/index.js
@@ -95,16 +95,28 @@ router.get("/list", read.listFilesHandler);
 /*** Setting up the listener ***/
 
 router.get("/", () => {
-    return new Response(null, { headers: { "Location": "https://artifactdb.github.io/gypsum-worker" }, status: 301 })
+    return new Response(null, { 
+        headers: { 
+            "Location": "https://artifactdb.github.io/gypsum-worker",
+            "Access-Control-Allow-Origin": '*' 
+        }, 
+        status: 301 
+    })
 })
 
 router.all('*', request => { 
     const u = request.url;
     const pattern = /([^:])(\/\/+)/g;
     if (u.match(pattern)) {
-        return new Response(null, { headers: { "Location": u.replace(pattern, "$1/") }, status: 301 })
+        return new Response(null, {
+            headers: { 
+                "Location": u.replace(pattern, "$1/"), 
+                'Access-Control-Allow-Origin': '*'
+            }, 
+            status: 301 
+        })
     }
-    return http.errorResponse("no such endpoint", 404);
+    return http.errorResponse("no such endpoint", 404, { 'Access-Control-Allow-Origin': '*' });
 })
 
 export default {
@@ -120,9 +132,9 @@ fetch(request, env, context) {
         .fetch(request, env, nonblockers)
         .catch(error => {
             if (error instanceof http.HttpError) {
-                return http.errorResponse(error.message, error.statusCode);
+                return http.errorResponse(error.message, error.statusCode, { 'Access-Control-Allow-Origin': '*' });
             } else {
-                return http.errorResponse(error.message, 500);
+                return http.errorResponse(error.message, 500, { 'Access-Control-Allow-Origin': '*' });
             }
         });
 

diff --git a/src/read.js b/src/read.js
@@ -7,6 +7,7 @@ function createHeaders(payload) {
     headers.set('etag', payload.httpEtag);
     headers.set('Last-Modified', payload.uploaded.toUTCString());
     headers.set("Content-Length", payload.size);
+    headers.set("Access-Control-Allow-Origin", "*");
     return headers;
 }
 
@@ -40,5 +41,5 @@ export async function listFilesHandler(request, env, nonblockers) {
     }
     let collected = [];
     await s3.listApply(prefix, x => collected.push(x), env, { trimPrefix: false, stripTrailingSlash: false, local: !recursive });
-    return new http.jsonResponse(collected, 200);
+    return new http.jsonResponse(collected, 200, { "Access-Control-Allow-Origin": "*" });
 }