CognxSafeTrack commited on
Commit Β·
ac6a112
1
Parent(s): 24ee76e
fix: allow CORS preflight OPTIONS requests in guarded routes
Browse files- Dockerfile +1 -1
- apps/api/src/index.ts +3 -0
Dockerfile
CHANGED
|
@@ -41,7 +41,7 @@ EXPOSE 7860
|
|
| 41 |
ENV PORT=7860
|
| 42 |
|
| 43 |
# Force Docker cache invalidation - bump date to trigger clean rebuild
|
| 44 |
-
ENV REBUILD_DATE="2026-04-22-
|
| 45 |
|
| 46 |
# SAFETY: Default to skipping DB push to prevent schema drift.
|
| 47 |
# Only Railway (api service) should push schema β it overrides SKIP_DB_PUSH=false in its variables.
|
|
|
|
| 41 |
ENV PORT=7860
|
| 42 |
|
| 43 |
# Force Docker cache invalidation - bump date to trigger clean rebuild
|
| 44 |
+
ENV REBUILD_DATE="2026-04-22-v16-cors-preflight-fix"
|
| 45 |
|
| 46 |
# SAFETY: Default to skipping DB push to prevent schema drift.
|
| 47 |
# Only Railway (api service) should push schema β it overrides SKIP_DB_PUSH=false in its variables.
|
apps/api/src/index.ts
CHANGED
|
@@ -82,6 +82,9 @@ server.register(stripeWebhookRoute, { prefix: '/v1/payments' });
|
|
| 82 |
// ββ Private Routes (require ADMIN_API_KEY) βββββββββββββββββββββββββββββββββββββ
|
| 83 |
server.register(async function guardedRoutes(scope) {
|
| 84 |
scope.addHook('onRequest', async (request, reply) => {
|
|
|
|
|
|
|
|
|
|
| 85 |
const apiKey = process.env.ADMIN_API_KEY;
|
| 86 |
|
| 87 |
if (!apiKey) {
|
|
|
|
| 82 |
// ββ Private Routes (require ADMIN_API_KEY) βββββββββββββββββββββββββββββββββββββ
|
| 83 |
server.register(async function guardedRoutes(scope) {
|
| 84 |
scope.addHook('onRequest', async (request, reply) => {
|
| 85 |
+
// π¨ CORS FIX: Skip authentication for preflight OPTIONS requests
|
| 86 |
+
if (request.method === 'OPTIONS') return;
|
| 87 |
+
|
| 88 |
const apiKey = process.env.ADMIN_API_KEY;
|
| 89 |
|
| 90 |
if (!apiKey) {
|