nucleo000/RepoDructor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
493d236dc40f60d730cbbcf6ed962a7d546bafdd
RepoDructor/server/middleware/proxy-headers.ts

62 lines
2.3 KiB
TypeScript
Raw Blame History

export default defineEventHandler(async (event) => {
const url = getRequestURL(event)
// Fix MIME type issues for Nuxt assets
if (url.pathname.startsWith('/_nuxt/')) {
const ext = url.pathname.split('.').pop()?.toLowerCase()
switch (ext) {
case 'js':
setHeader(event, 'Content-Type', 'application/javascript; charset=utf-8')
break
case 'mjs':
setHeader(event, 'Content-Type', 'application/javascript; charset=utf-8')
break
case 'css':
setHeader(event, 'Content-Type', 'text/css; charset=utf-8')
break
case 'json':
setHeader(event, 'Content-Type', 'application/json; charset=utf-8')
break
case 'svg':
setHeader(event, 'Content-Type', 'image/svg+xml; charset=utf-8')
break
}
}
// Handle proxy headers for API requests
if (url.pathname.startsWith('/api/')) {
// Trust proxy headers
const realIP = getHeader(event, 'x-real-ip') || getHeader(event, 'x-forwarded-for')
const proto = getHeader(event, 'x-forwarded-proto') || 'http'
const host = getHeader(event, 'host')
// Set CORS headers for cross-origin requests through proxy
setHeader(event, 'Access-Control-Allow-Origin', '*')
setHeader(event, 'Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization, Range')
// Handle music file requests specially
if (url.pathname.startsWith('/api/music/')) {
// Ensure proper caching headers for audio files
setHeader(event, 'Cache-Control', 'public, max-age=3600') // 1 hour cache
setHeader(event, 'Accept-Ranges', 'bytes')
// Add security headers (but allow DevTools)
setHeader(event, 'X-Content-Type-Options', 'nosniff')
// Don't set X-Frame-Options DENY for development
if (process.env.NODE_ENV === 'production') {
setHeader(event, 'X-Frame-Options', 'DENY')
}
}
}
// Handle OPTIONS preflight requests
if (event.node.req.method === 'OPTIONS') {
setHeader(event, 'Access-Control-Allow-Origin', '*')
setHeader(event, 'Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization, Range')
setResponseStatus(event, 200)
return ''
}
})
Reference in New Issue View Git Blame Copy Permalink