Refine CORS settings in file download handlers and update viewer behavior for mobile and authenticated web

2026-01-25 20:24:07 +01:00
parent ad882ae509
commit 5dd6d79d4c
3 changed files with 17 additions and 6 deletions
--- a/go_cloud/bin/api
+++ b/go_cloud/bin/api
--- a/go_cloud/internal/http/routes.go
+++ b/go_cloud/internal/http/routes.go
@@ -2417,7 +2417,9 @@ func downloadOrgFileHandler(w http.ResponseWriter, r *http.Request, db *database
 	// which supports all common video/audio/image formats
 	contentType := getMimeType(fileName)

-	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Origin", "https://www.b0esche.cloud")
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	w.Header().Set("Access-Control-Allow-Headers", "Authorization, Range")
 	w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=\"%s\"", fileName))
 	w.Header().Set("Content-Type", contentType)
 	w.Header().Set("Accept-Ranges", "bytes")
@@ -2565,7 +2567,9 @@ func downloadUserFileHandler(w http.ResponseWriter, r *http.Request, db *databas
 	// which supports all common video/audio/image formats
 	contentType := getMimeType(fileName)

-	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Origin", "https://www.b0esche.cloud")
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	w.Header().Set("Access-Control-Allow-Headers", "Authorization, Range")
 	w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=\"%s\"", fileName))
 	w.Header().Set("Content-Type", contentType)
 	w.Header().Set("Accept-Ranges", "bytes")