From 07955daa1ca9d1e17cb3664099438d1c1517eed9 Mon Sep 17 00:00:00 2001
From: Yiran Lu <yiranls@outlook.com>
Date: Tue, 15 Apr 2025 23:13:34 +0200
Subject: [PATCH] Allow setting CORS headers

---
 src/app.ts             | 12 ++++++++++++
 src/services/config.ts | 14 +++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/app.ts b/src/app.ts
index 326c15efd..19eea047d 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -7,6 +7,7 @@ import compression from "compression";
 import { fileURLToPath } from "url";
 import { dirname } from "path";
 import sessionParser from "./routes/session_parser.js";
+import config from "./services/config.js";
 import utils from "./services/utils.js";
 import assets from "./routes/assets.js";
 import routes from "./routes/routes.js";
@@ -33,6 +34,17 @@ app.set("views", path.join(scriptDir, "views"));
 app.set("view engine", "ejs");
 
 app.use((req, res, next) => {
+    // set CORS header
+    if (config["Network"]["corsAllowOrigin"].length > 0) {
+        res.header("Access-Control-Allow-Origin", config["Network"]["corsAllowOrigin"]);
+    }
+    if (config["Network"]["corsAllowMethods"].length > 0) {
+        res.header("Access-Control-Allow-Methods", config["Network"]["corsAllowMethods"]);
+    }
+    if (config["Network"]["corsAllowHeaders"].length > 0) {
+        res.header("Access-Control-Allow-Headers", config["Network"]["corsAllowHeaders"]);
+    }
+
     res.locals.t = t;
     return next();
 });
diff --git a/src/services/config.ts b/src/services/config.ts
index eda656a79..5ef95aad0 100644
--- a/src/services/config.ts
+++ b/src/services/config.ts
@@ -29,6 +29,9 @@ export interface TriliumConfig {
         certPath: string;
         keyPath: string;
         trustedReverseProxy: boolean | string;
+        corsAllowOrigin: string;
+        corsAllowMethods: string;
+        corsAllowHeaders: string;
     };
     Session: {
         cookieMaxAge: number;
@@ -79,7 +82,16 @@ const config: TriliumConfig = {
             process.env.TRILIUM_NETWORK_KEYPATH || iniConfig.Network.keyPath || "",
 
         trustedReverseProxy:
-            process.env.TRILIUM_NETWORK_TRUSTEDREVERSEPROXY || iniConfig.Network.trustedReverseProxy || false
+            process.env.TRILIUM_NETWORK_TRUSTEDREVERSEPROXY || iniConfig.Network.trustedReverseProxy || false,
+
+        corsAllowOrigin:
+            process.env.TRILIUM_CORS_ALLOW_ORIGIN || iniConfig.Network.corsAllowOrigin || "",
+
+        corsAllowMethods:
+            process.env.TRILIUM_CORS_ALLOW_METHODS || iniConfig.Network.corsAllowMethods || "",
+
+        corsAllowHeaders:
+            process.env.TRILIUM_CORS_ALLOW_HEADERS || iniConfig.Network.corsAllowHeaders || ""
     },
 
     Session: {