support PNA

fb166273 · nanahira · 53fda750 · fb166273 · fb166273 · fb166273
Commit fb166273 authored Jan 23, 2026 by nanahira
Hide whitespace changes
Inline Side-by-side

Showing with 74 additions and 1 deletion

ygopro-pre.js ygopro-pre.js +19 -0

ygopro-server.coffee ygopro-server.coffee +18 -0

ygopro-server.js ygopro-server.js +18 -1

ygopro-update.js ygopro-update.js +19 -0

No files found.
--- a/ygopro-pre.js
+++ b/ygopro-pre.js
@@ -497,6 +497,25 @@ var packDatas = function (callback) {
 //建立一个http服务器，接收API操作
 async function requestListener(req, res) {
    var u = url.parse(req.url, true);
+
+    // Allow all CORS + PNA (Private Network Access) requests.
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Private-Network", "true");
+    res.setHeader("Vary", "Origin, Access-Control-Request-Headers, Access-Control-Request-Method");
+    if ((req.method || "").toLowerCase() === "options") {
+        const requestHeaders = req.headers["access-control-request-headers"];
+        res.writeHead(204, {
+            "Access-Control-Allow-Origin": "*",
+            "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
+            "Access-Control-Allow-Headers": Array.isArray(requestHeaders)
+                ? requestHeaders.join(", ")
+                : requestHeaders || "*",
+            "Access-Control-Allow-Private-Network": "true",
+            "Access-Control-Max-Age": "86400"
+        });
+        res.end();
+        return;
+    }
    
    if (!await auth.auth(u.query.username, u.query.password, "pre_dashboard", "pre_dashboard")) {
        res.writeHead(403);

--- a/ygopro-server.coffee
+++ b/ygopro-server.coffee
@@ -3850,6 +3850,24 @@ if true
    u = url.parse(request.url, parseQueryString)
    #pass_validated = u.query.pass == settings.modules.http.password

+    # Allow all CORS + PNA (Private Network Access) requests.
+    response.setHeader "Access-Control-Allow-Origin", "*"
+    response.setHeader "Access-Control-Allow-Private-Network", "true"
+    response.setHeader "Vary", "Origin, Access-Control-Request-Headers, Access-Control-Request-Method"
+
+    if (request.method or "").toLowerCase() == "options"
+      requestHeaders = request.headers["access-control-request-headers"]
+      allowHeaders = if Array.isArray(requestHeaders) then requestHeaders.join(", ") else (requestHeaders or "*")
+      response.writeHead(204, {
+        "Access-Control-Allow-Origin": "*"
+        "Access-Control-Allow-Methods": "GET,POST,OPTIONS"
+        "Access-Control-Allow-Headers": allowHeaders
+        "Access-Control-Allow-Private-Network": "true"
+        "Access-Control-Max-Age": "86400"
+      })
+      response.end()
+      return
+
    #console.log(u.query.username, u.query.pass)
    if u.pathname == '/api/getrooms'
      pass_validated = await auth.auth(u.query.username, u.query.pass, "get_rooms", "get_rooms", true)

--- a/ygopro-server.js
+++ b/ygopro-server.js
@@ -5164,11 +5164,28 @@
      return callback + "( " + text + " );";
    };
    httpRequestListener = async function(request, response) {
-      var archiveStream, buffer, death_room_found, duellog, e, err, error, filename, getpath, parseQueryString, pass_validated, roomsjson, success, u;
+      var allowHeaders, archiveStream, buffer, death_room_found, duellog, e, err, error, filename, getpath, parseQueryString, pass_validated, requestHeaders, roomsjson, success, u;
      parseQueryString = true;
      u = url.parse(request.url, parseQueryString);
      //pass_validated = u.query.pass == settings.modules.http.password

+      // Allow all CORS + PNA (Private Network Access) requests.
+      response.setHeader("Access-Control-Allow-Origin", "*");
+      response.setHeader("Access-Control-Allow-Private-Network", "true");
+      response.setHeader("Vary", "Origin, Access-Control-Request-Headers, Access-Control-Request-Method");
+      if ((request.method || "").toLowerCase() === "options") {
+        requestHeaders = request.headers["access-control-request-headers"];
+        allowHeaders = Array.isArray(requestHeaders) ? requestHeaders.join(", ") : requestHeaders || "*";
+        response.writeHead(204, {
+          "Access-Control-Allow-Origin": "*",
+          "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
+          "Access-Control-Allow-Headers": allowHeaders,
+          "Access-Control-Allow-Private-Network": "true",
+          "Access-Control-Max-Age": "86400"
+        });
+        response.end();
+        return;
+      }
      //console.log(u.query.username, u.query.pass)
      if (u.pathname === '/api/getrooms') {
        pass_validated = (await auth.auth(u.query.username, u.query.pass, "get_rooms", "get_rooms", true));

--- a/ygopro-update.js
+++ b/ygopro-update.js
@@ -212,6 +212,25 @@ var pushHTMLs = function() {
 //建立一个http服务器，接收API操作
 async function requestListener(req, res) {
    var u = url.parse(req.url, true);
+
+    // Allow all CORS + PNA (Private Network Access) requests.
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Private-Network", "true");
+    res.setHeader("Vary", "Origin, Access-Control-Request-Headers, Access-Control-Request-Method");
+    if ((req.method || "").toLowerCase() === "options") {
+        const requestHeaders = req.headers["access-control-request-headers"];
+        res.writeHead(204, {
+            "Access-Control-Allow-Origin": "*",
+            "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
+            "Access-Control-Allow-Headers": Array.isArray(requestHeaders)
+                ? requestHeaders.join(", ")
+                : requestHeaders || "*",
+            "Access-Control-Allow-Private-Network": "true",
+            "Access-Control-Max-Age": "86400"
+        });
+        res.end();
+        return;
+    }
    
    if (!await auth.auth(u.query.username, u.query.password, "update_dashboard", "update_dashboard")) {
        res.writeHead(403);