From 23ec6f215c7106214252161b0119d2e8a3c91b16 Mon Sep 17 00:00:00 2001
From: SrGooglo <srgooglo@ragestudio.net>
Date: Mon, 12 May 2025 02:57:32 +0000
Subject: [PATCH] Refactor OPTIONS handling for conditional CORS bypass

OPTIONS requests are now only handled by this middleware if
`bypassCors` is true, in which case permissive CORS headers are added.
If `bypassCors` is false, OPTIONS requests will proceed to subsequent
middleware instead of returning an empty 204 response.
---
 server/src/engines/he/index.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/server/src/engines/he/index.js b/server/src/engines/he/index.js
index 62b9845..d2f5270 100755
--- a/server/src/engines/he/index.js
+++ b/server/src/engines/he/index.js
@@ -45,8 +45,15 @@ export default class Engine {
 	}
 
 	mainMiddleware = async (req, res, next) => {
-		if (req.method === "OPTIONS") {
-			return res.status(204).end()
+		if (this.server.params.bypassCors === true) {
+			if (req.method === "OPTIONS") {
+				res.setHeader("Access-Control-Allow-Origin", "*")
+				res.setHeader("Access-Control-Allow-Methods", "*")
+				res.setHeader("Access-Control-Allow-Headers", "*")
+				res.setHeader("Access-Control-Allow-Credentials", "true")
+
+				return res.status(204).end()
+			}
 		}
 
 		// register body parser