Fix chat API CORS preflight handling by FenjuFu · Pull Request #2 · iflytek/astronclaw-tutorial

FenjuFu · 2026-03-19T07:34:39Z

The browser was blocking requests to /api/chat with No 'Access-Control-Allow-Origin' header is present because the preflight OPTIONS response did not consistently include CORS headers, so the server must always respond to preflight and expose the expected headers.

Removed the generic cors() middleware and added a whitelist ALLOWED_ORIGINS set including https://iflytek.github.io and local Vite origins.
Added applyCors to set Access-Control-Allow-Origin, Vary, Access-Control-Allow-Methods, and Access-Control-Allow-Headers when the request Origin matches the whitelist.
Added a middleware that applies CORS headers and immediately returns 204 for OPTIONS requests while leaving the existing /api/chat proxy logic intact.

Ran a syntax check with node -c server.js, which succeeded.
Sent a preflight check with curl -i -X OPTIONS 'http://127.0.0.1:3001/api/chat' -H 'Origin: https://iflytek.github.io' -H 'Access-Control-Request-Method: POST' -H 'Access-Control-Request-Headers: content-type', which returned 204 No Content with the expected CORS headers.
Sent a test POST with curl which reached the server and included CORS headers but the upstream proxy fetch failed in this environment (so POST reachability to the external API remains an external/network issue).

Fix chat API CORS preflight handling

9e11972

FenjuFu added the codex label Mar 19, 2026 — with ChatGPT Codex Connector

FenjuFu merged commit 9ea525c into main Mar 19, 2026

vsxd deleted the codex/fix-cors-policy-error-for-api branch April 1, 2026 14:48

Provide feedback