Merge pull request #133 from MeshJS/bug/cors/subdomain-cache

feat(cors): add cache-busting headers and enhance CORS middleware opt…

Author: QSchlegel

src/lib/cors.ts

@@ -1,5 +1,6 @@
 import Cors from "cors";
 import initMiddleware from "./init-middleware";
+import type { NextApiResponse } from "next";
 
 const rawOrigins = process.env.CORS_ORIGINS || "";
 const allowedOrigins =
@@ -10,6 +11,8 @@ export const cors = initMiddleware(
     methods: ["GET", "POST", "OPTIONS"],
     allowedHeaders: ["Content-Type", "Authorization"],
     credentials: true,
+    optionsSuccessStatus: 200, // Some legacy browsers choke on 204
+    preflightContinue: false,
     origin: function (
       origin: string | undefined,
       callback: (err: Error | null, allow?: boolean) => void,
@@ -55,3 +58,11 @@ export const cors = initMiddleware(
     },
   }),
 );
+
+// Helper function to add cache-busting headers for CORS
+export function addCorsCacheBustingHeaders(res: NextApiResponse) {
+  res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
+  res.setHeader('Pragma', 'no-cache');
+  res.setHeader('Expires', '0');
+  res.setHeader('Vary', 'Origin');
+}

src/pages/api/v1/walletIds.ts

@@ -2,12 +2,15 @@ import { NextApiRequest, NextApiResponse } from "next";
 import { createCaller } from "@/server/api/root";
 import { db } from "@/server/db";
 import { verifyJwt } from "@/lib/verifyJwt";
-import { cors } from "@/lib/cors";
+import { cors, addCorsCacheBustingHeaders } from "@/lib/cors";
 
 export default async function handler(
   req: NextApiRequest,
   res: NextApiResponse,
 ) {
+  // Add cache-busting headers for CORS
+  addCorsCacheBustingHeaders(res);
+  
   await cors(req, res);
   if (req.method === "OPTIONS") {
     return res.status(200).end();