commit 00037f6d3af5ab6381900d7483228fe684fdce60 · @notnite.com/moonlight

this repo has no description

injector: Fix CORS bypass breaking when the header is already served

NotNite 1 month ago 1 files (+7, -1)

Changed files

packages/injector/src/index.ts

MODIFIED packages/injector/src/index.ts

@@ -131,7 +131,13 @@ }
 
         // Allow plugins to bypass CORS for specific URLs
         if (corsAllow.some((x) => details.url.startsWith(x))) {
-          details.responseHeaders["access-control-allow-origin"] = ["*"];
+          if (!details.responseHeaders) details.responseHeaders = {};
+
+          // Work around HTTP header case sensitivity by reusing the header name if it exists
+          // https://github.com/moonlight-mod/moonlight/issues/201
+          const fallback = "access-control-allow-origin";
+          const key = Object.keys(details.responseHeaders).find((h) => h.toLowerCase() === fallback) ?? fallback;
+          details.responseHeaders[key] = ["*"];
         }
 
         cb({ cancel: false, responseHeaders: details.responseHeaders });