From 08730c5486513cc7a185cecff2f2ecefc9dc5869 Mon Sep 17 00:00:00 2001
From: Jon Breen <jonbreen@outlook.com>
Date: Tue, 30 Apr 2024 18:37:03 +0100
Subject: [PATCH] Set up origin list and added allow credentials

---
 src/index.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/index.ts b/src/index.ts
index 5e7054c..c873d6e 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -10,16 +10,22 @@ export interface Env {
 
 export default {
 		async fetch(request: Request, env: Env) {
+				const allowedOrigins: Array<string> = ["https://cultpodcasts.com".toLowerCase(), "http://localhost:4200".toLowerCase()];
+				let origin = request.headers.get("Origin");
+				if (origin == null || allowedOrigins.indexOf(origin.toLowerCase()) == -1) {
+						origin = allowedOrigins[0];
+				}
 				const leechHandlingActive = false;
 				const { pathname, searchParams } = new URL(request.url);
 				const homeRoute = "/homepage";
 				const searchRoute = "/api";
 				const submitRoute = "/submit";
 				const corsHeaders = {
-						"Access-Control-Allow-Origin": "*", //"https://cultpodcasts.com",
+						"Access-Control-Allow-Origin": origin,
 						"Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
 						"Access-Control-Max-Age": "86400",
-						"Access-Control-Allow-Headers": "content-type,authorization"
+						"Access-Control-Allow-Headers": "content-type,authorization",
+						"Access-Control-Allow-Credentials": "true"
 				};
 
 				if (request.method === "OPTIONS") {