Refactor CORS header handling in authentication endpoints

Update the CORS header variable name from 'origin' to 'requestOrigin' in both login and registration API endpoints for improved clarity and consistency. This change enhances the readability of the code while maintaining support for cross-device authentication.

server/api/auth/passkeys/login.post.js

@@ -19,9 +19,9 @@ function findUserByCredentialId(users, credentialId) {
 
 export default defineEventHandler(async (event) => {
   // CORS-Header für Cross-Device Authentication
-  const origin = getHeader(event, 'origin')
+  const requestOrigin = getHeader(event, 'origin')
-  if (origin) {
+  if (requestOrigin) {
-    setHeader(event, 'Access-Control-Allow-Origin', origin)
+    setHeader(event, 'Access-Control-Allow-Origin', requestOrigin)
     setHeader(event, 'Access-Control-Allow-Credentials', 'true')
     setHeader(event, 'Access-Control-Allow-Methods', 'POST, OPTIONS')
     setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization')

server/api/auth/passkeys/register.post.js

@@ -7,9 +7,9 @@ import { writeAuditLog } from '../../../utils/audit-log.js'
 
 export default defineEventHandler(async (event) => {
   // CORS-Header für Cross-Device Authentication
-  const origin = getHeader(event, 'origin')
+  const requestOrigin = getHeader(event, 'origin')
-  if (origin) {
+  if (requestOrigin) {
-    setHeader(event, 'Access-Control-Allow-Origin', origin)
+    setHeader(event, 'Access-Control-Allow-Origin', requestOrigin)
     setHeader(event, 'Access-Control-Allow-Credentials', 'true')
     setHeader(event, 'Access-Control-Allow-Methods', 'POST, OPTIONS')
     setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization')