chore: enhance CORS configuration in bootstrap and auth implementation

- Added comprehensive CORS methods support in `bootstrap.ts` to allow various HTTP methods.
- Removed redundant CORS headers from the `CreateAuth` function in `auth.implement.ts` to streamline the response handling.

Signed-off-by: Innei <[email protected]>

Author: Innei

apps/core/src/bootstrap.ts

@@ -42,6 +42,7 @@ export async function bootstrap() {
 
   const allowAllCors: FastifyCorsOptions = {
     credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
     origin: (origin, callback) => callback(null, origin || ''),
   }
   // Origin 如果不是数组就全部允许跨域
@@ -69,6 +70,7 @@ export async function bootstrap() {
             credentials: true,
             preflightContinue: false,
             optionsSuccessStatus: 204,
+            methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
           }
         : allowAllCors,
   )

apps/core/src/modules/auth/auth.implement.ts

@@ -138,12 +138,6 @@ export async function CreateAuth(
 
   const handler = async (req: IncomingMessage, res: ServerResponse) => {
     try {
-      res.setHeader('access-control-allow-methods', 'GET, POST')
-      res.setHeader('access-control-allow-headers', 'content-type')
-      res.setHeader(
-        'Access-Control-Allow-Origin',
-        req.headers.origin || req.headers.referer || req.headers.host || '*',
-      )
       res.setHeader('access-control-allow-credentials', 'true')
 
       const clonedRequest = new IncomingMessage(req.socket)