Next's auto-OPTIONS doesn't carry middleware headers, so we answer preflight here.
(policy: CorsPolicy)
| 111 | |
| 112 | /** Next's auto-OPTIONS doesn't carry middleware headers, so we answer preflight here. */ |
| 113 | function buildPreflightResponse(policy: CorsPolicy): NextResponse { |
| 114 | const response = new NextResponse(null, { status: 204 }) |
| 115 | applyCorsHeaders(response, policy) |
| 116 | response.headers.set('Access-Control-Max-Age', CORS_PREFLIGHT_MAX_AGE) |
| 117 | return response |
| 118 | } |
| 119 | |
| 120 | const SUSPICIOUS_UA_PATTERNS = [ |
| 121 | /^\s*$/, // Empty user agents |
no test coverage detected