seth.computer
this repo has no description
Add CORS and cache headers to OAuth metadata endpoints
The client-metadata.json and jwks.json endpoints must be publicly
accessible by Bluesky's OAuth server. Added:
- Access-Control-Allow-Origin: * header
- Cache-Control header for reasonable caching
Note: The exe.dev proxy must be set to public for OAuth to work:
ssh exe.dev share set-public stdeditor
Co-authored-by: Shelley <shelley@exe.dev>
+7
src/server.ts
+7
src/server.ts
···
15
15
app.use('/public/*', serveStatic({ root: './' }));
16
16
17
17
// OAuth metadata endpoints at root level
18
+
// These MUST be publicly accessible (no authentication)
18
19
app.get('/client-metadata.json', async (c) => {
19
20
try {
20
21
const metadata = await getClientMetadata();
22
+
// Set appropriate cache headers
23
+
c.header('Cache-Control', 'public, max-age=600'); // Cache for 10 minutes
24
+
c.header('Access-Control-Allow-Origin', '*');
21
25
return c.json(metadata);
22
26
} catch (error) {
23
27
console.error('Error getting client metadata:', error);
···
28
32
app.get('/jwks.json', async (c) => {
29
33
try {
30
34
const jwks = await getJwks();
35
+
// Set appropriate cache headers
36
+
c.header('Cache-Control', 'public, max-age=600'); // Cache for 10 minutes
37
+
c.header('Access-Control-Allow-Origin', '*');
31
38
return c.json(jwks);
32
39
} catch (error) {
33
40
console.error('Error getting JWKS:', error);