import { NextResponse } from "next/server"; import type { NextRequest } from "next/server"; const ALLOWED_ORIGINS = [ "https://falahos.my", "https://www.falahos.my", "http://localhost:3000", "http://localhost:4013", "http://localhost:4014", ]; export function middleware(request: NextRequest) { const origin = request.headers.get("origin") || ""; const isAllowed = !origin || ALLOWED_ORIGINS.includes(origin); const response = NextResponse.next(); if (origin && isAllowed) { response.headers.set("Access-Control-Allow-Origin", origin); response.headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization"); response.headers.set("Access-Control-Max-Age", "86400"); response.headers.set("Vary", "Origin"); } else if (origin && !isAllowed) { response.headers.set("Access-Control-Allow-Origin", "https://falahos.my"); response.headers.set("Vary", "Origin"); } if (request.method === "OPTIONS") { return new NextResponse(null, { status: 204, headers: response.headers, }); } return response; } export const config = { matcher: "/api/:path*", };