From 710ccbe982d33617c88f758cf5dfa8ef565832da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Michelle?= Date: Fri, 9 Jan 2026 17:50:52 +0100 Subject: [PATCH] adds safe isDevOrLocalhost --- deploy/run.ts | 35 ++++++++----------- .../src/engine/EnginePreferencesSchema.ts | 5 ++- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/deploy/run.ts b/deploy/run.ts index 0e9f6359..e3460651 100644 --- a/deploy/run.ts +++ b/deploy/run.ts @@ -19,29 +19,13 @@ const envFolder = isMainBranch ? "main" : "dev" const readBuildInfo = () => JSON.parse(fs.readFileSync(buildInfoPath, "utf8")) const createRootHtaccess = (mainReleaseDir: string, devReleaseDir: string) => `# openDAW # - - - RewriteEngine On - RewriteBase / - - # Dynamic CORS: Allow opendaw.studio, dev.opendaw.studio, and localhost:8080-8089 - RewriteCond %{HTTP:Origin} ^(https://opendaw\\.studio|https://dev\\.opendaw\\.studio|https://localhost:808[0-9])$ [NC] - RewriteRule .* - [E=ORIGIN_ALLOWED:%{HTTP:Origin}] - - - Header set Access-Control-Allow-Origin "%{ORIGIN_ALLOWED}e" env=ORIGIN_ALLOWED - Header set Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" - Header set Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With" - Header set Access-Control-Allow-Credentials "true" - Header set Cross-Origin-Opener-Policy "same-origin" - Header set Cross-Origin-Embedder-Policy "require-corp" - Header set Cross-Origin-Resource-Policy "cross-origin" - Header always set Vary "Origin" - - RewriteEngine On RewriteBase / +# Dynamic CORS: Allow opendaw.studio, dev.opendaw.studio, and localhost:8080-8089 +RewriteCond %{HTTP:Origin} ^(https://opendaw\\.studio|https://dev\\.opendaw\\.studio|https://localhost:808[0-9])$ [NC] +RewriteRule .* - [E=ORIGIN_ALLOWED:%{HTTP:Origin}] + # -------------------------------------------------- # Allow extract.php to execute (don't redirect it) RewriteRule ^extract\\.php$ - [L] @@ -58,6 +42,17 @@ RewriteRule ^(.*)$ ${devReleaseDir}/$1 [L] RewriteCond %{HTTP_HOST} ^opendaw\\.studio$ [NC] RewriteRule ^(.*)$ ${mainReleaseDir}/$1 [L] # -------------------------------------------------- + + + Header set Access-Control-Allow-Origin "%{ORIGIN_ALLOWED}e" env=ORIGIN_ALLOWED + Header set Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" + Header set Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With" + Header set Access-Control-Allow-Credentials "true" + Header set Cross-Origin-Opener-Policy "same-origin" + Header set Cross-Origin-Embedder-Policy "require-corp" + Header set Cross-Origin-Resource-Policy "cross-origin" + Header always set Vary "Origin" + ` ;(async () => { diff --git a/packages/studio/adapters/src/engine/EnginePreferencesSchema.ts b/packages/studio/adapters/src/engine/EnginePreferencesSchema.ts index b7dd6ade..003a592f 100644 --- a/packages/studio/adapters/src/engine/EnginePreferencesSchema.ts +++ b/packages/studio/adapters/src/engine/EnginePreferencesSchema.ts @@ -5,6 +5,9 @@ const _RecordingCountInBars = [1, 2, 3, 4, 5, 6, 7, 8] as const const _OlderTakeActionOptions = ["disable-track", "mute-region"] as const const _OlderTakeScopeOptions = ["all", "previous-only"] as const +const isDevOrLocalhost = typeof location !== "undefined" && + (location.hostname === "localhost" || location.hostname === "dev.opendaw.studio") + export const EngineSettingsSchema = z.object({ metronome: z.object({ enabled: z.boolean(), @@ -31,7 +34,7 @@ export const EngineSettingsSchema = z.object({ olderTakeScope: z.union(_OlderTakeScopeOptions.map(value => z.literal(value))) }).default({ countInBars: 1, - allowTakes: location.hostname === "localhost" || location.hostname === "dev.opendaw.studio", + allowTakes: isDevOrLocalhost, olderTakeAction: "disable-track", olderTakeScope: "previous-only" })