@@ -8,12 +8,15 @@ dotenv.config();
88
99const app = express ( ) ;
1010
11+ // Trust proxy settings for proper client IP handling
12+ app . set ( 'trust proxy' , true ) ;
13+ 1114// Middleware
1215app . use ( express . json ( ) ) ;
1316app . use ( cors ( {
1417 origin : config . corsOrigin ,
1518 methods : [ 'GET' , 'POST' , 'PUT' , 'DELETE' , 'OPTIONS' ] ,
16- allowedHeaders : [ 'Content-Type' , 'x-api-key' , 'Authorization' , 'X-Requested-With' ] ,
19+ allowedHeaders : [ 'Content-Type' , 'x-api-key' , 'Authorization' , 'X-Requested-With' , 'X-Forwarded-For' , 'X-Real-IP' ] ,
1720 exposedHeaders : [ 'Content-Length' , 'Content-Type' ] ,
1821 credentials : true ,
1922 maxAge : 86400 ,
@@ -22,9 +25,16 @@ app.use(cors({
2225
2326// Add headers middleware
2427const headersMiddleware : RequestHandler = ( req , res , next ) => {
28+ // Get the actual client IP when behind a proxy
29+ const clientIP = req . headers [ 'x-forwarded-for' ] || req . headers [ 'x-real-ip' ] || req . ip ;
30+ 2531 res . header ( 'Access-Control-Allow-Origin' , '*' ) ;
2632 res . header ( 'Access-Control-Allow-Methods' , 'GET, POST, PUT, DELETE, OPTIONS' ) ;
27- res . header ( 'Access-Control-Allow-Headers' , 'Content-Type, x-api-key, Authorization, X-Requested-With' ) ;
33+ res . header ( 'Access-Control-Allow-Headers' , 'Content-Type, x-api-key, Authorization, X-Requested-With, X-Forwarded-For, X-Real-IP' ) ;
34+ 35+ // Set Cache-Control to no-cache for streaming responses
36+ res . header ( 'Cache-Control' , 'no-cache, no-transform' ) ;
37+ 2838 if ( req . method === 'OPTIONS' ) {
2939 res . status ( 204 ) . end ( ) ;
3040 return ;
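Review bot: The `clientIP` lookup added in `headersMiddleware` reads `x-forwarded-for` and `x-real-ip` straight from the request before falling back to `req.ip`, so any caller can choose the address the server records, and the value may be a comma-separated list rather than a single IP. The first hunk has the same weakness: `app.set('trust proxy', true)` trusts every hop, which makes `req.ip` the left-most `X-Forwarded-For` entry, again client-supplied. If the address feeds rate limiting, allow-lists or audit logs (its use is not visible here, and the middleware body continues outside the hunk), pin the trust to the real proxy topology, e.g. `app.set('trust proxy', 1);` for a single reverse proxy, and derive the address with `const clientIP = req.ip;` only. Adding `X-Forwarded-For` and `X-Real-IP` to the CORS `allowedHeaders` and to `Access-Control-Allow-Headers` also lets browser code from permitted origins send those headers, which looks unnecessary since proxies set them, not clients.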