Refactor CORS header handling in authentication endpoints

Update the CORS header variable name from 'origin' to 'requestOrigin' in both login and registration API endpoints for improved clarity and consistency. This change enhances the readability of the code while maintaining support for cross-device authentication.
2026-01-07 21:02:58 +01:00
parent ad21534862
commit e7e9d7815c
2 changed files with 6 additions and 6 deletions
--- a/server/api/auth/passkeys/register.post.js
+++ b/server/api/auth/passkeys/register.post.js
@@ -7,9 +7,9 @@ import { writeAuditLog } from '../../../utils/audit-log.js'

 export default defineEventHandler(async (event) => {
  // CORS-Header für Cross-Device Authentication
-  const origin = getHeader(event, 'origin')
-  if (origin) {
-    setHeader(event, 'Access-Control-Allow-Origin', origin)
+  const requestOrigin = getHeader(event, 'origin')
+  if (requestOrigin) {
+    setHeader(event, 'Access-Control-Allow-Origin', requestOrigin)
    setHeader(event, 'Access-Control-Allow-Credentials', 'true')
    setHeader(event, 'Access-Control-Allow-Methods', 'POST, OPTIONS')
    setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization')