adds safe isDevOrLocalhost

This commit is contained in:
André Michelle
2026-01-09 17:50:52 +01:00
parent 42d8716171
commit 710ccbe982
2 changed files with 19 additions and 21 deletions
+15 -20
View File
@@ -19,29 +19,13 @@ const envFolder = isMainBranch ? "main" : "dev"
const readBuildInfo = () => JSON.parse(fs.readFileSync(buildInfoPath, "utf8"))
const createRootHtaccess = (mainReleaseDir: string, devReleaseDir: string) => `# openDAW
#
<IfModule mod_headers.c>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Dynamic CORS: Allow opendaw.studio, dev.opendaw.studio, and localhost:8080-8089
RewriteCond %{HTTP:Origin} ^(https://opendaw\\.studio|https://dev\\.opendaw\\.studio|https://localhost:808[0-9])$ [NC]
RewriteRule .* - [E=ORIGIN_ALLOWED:%{HTTP:Origin}]
</IfModule>
Header set Access-Control-Allow-Origin "%{ORIGIN_ALLOWED}e" env=ORIGIN_ALLOWED
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE"
Header set Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With"
Header set Access-Control-Allow-Credentials "true"
Header set Cross-Origin-Opener-Policy "same-origin"
Header set Cross-Origin-Embedder-Policy "require-corp"
Header set Cross-Origin-Resource-Policy "cross-origin"
Header always set Vary "Origin"
</IfModule>
RewriteEngine On
RewriteBase /
# Dynamic CORS: Allow opendaw.studio, dev.opendaw.studio, and localhost:8080-8089
RewriteCond %{HTTP:Origin} ^(https://opendaw\\.studio|https://dev\\.opendaw\\.studio|https://localhost:808[0-9])$ [NC]
RewriteRule .* - [E=ORIGIN_ALLOWED:%{HTTP:Origin}]
# --------------------------------------------------
# Allow extract.php to execute (don't redirect it)
RewriteRule ^extract\\.php$ - [L]
@@ -58,6 +42,17 @@ RewriteRule ^(.*)$ ${devReleaseDir}/$1 [L]
RewriteCond %{HTTP_HOST} ^opendaw\\.studio$ [NC]
RewriteRule ^(.*)$ ${mainReleaseDir}/$1 [L]
# --------------------------------------------------
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "%{ORIGIN_ALLOWED}e" env=ORIGIN_ALLOWED
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE"
Header set Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With"
Header set Access-Control-Allow-Credentials "true"
Header set Cross-Origin-Opener-Policy "same-origin"
Header set Cross-Origin-Embedder-Policy "require-corp"
Header set Cross-Origin-Resource-Policy "cross-origin"
Header always set Vary "Origin"
</IfModule>
`
;(async () => {
@@ -5,6 +5,9 @@ const _RecordingCountInBars = [1, 2, 3, 4, 5, 6, 7, 8] as const
const _OlderTakeActionOptions = ["disable-track", "mute-region"] as const
const _OlderTakeScopeOptions = ["all", "previous-only"] as const
const isDevOrLocalhost = typeof location !== "undefined" &&
(location.hostname === "localhost" || location.hostname === "dev.opendaw.studio")
export const EngineSettingsSchema = z.object({
metronome: z.object({
enabled: z.boolean(),
@@ -31,7 +34,7 @@ export const EngineSettingsSchema = z.object({
olderTakeScope: z.union(_OlderTakeScopeOptions.map(value => z.literal(value)))
}).default({
countInBars: 1,
allowTakes: location.hostname === "localhost" || location.hostname === "dev.opendaw.studio",
allowTakes: isDevOrLocalhost,
olderTakeAction: "disable-track",
olderTakeScope: "previous-only"
})