Try alternative route configuration for custom domain

sshrihar · sshrihar · commit fa2cdfeb2ab6 · 2025-09-11T12:08:28.000+04:00
- Changed from routes array to single route pattern
- Added explicit CORS headers with origin validation
- Added WAF bypass variables and compatibility flags
- Enhanced OPTIONS request handling to bypass WAF restrictions
diff --git a/src/generateWorker.js b/src/generateWorker.js
@@ -62,14 +62,20 @@ export default {
                 headers: request.headers.get("access-control-request-headers")
             });
             
+            // More explicit CORS headers to bypass WAF
+            const origin = request.headers.get("origin");
+            const allowedOrigins = ["https://bridge.katana.network", "https://api-polygon-tokens.staging.polygon.technology"];
+            const allowOrigin = allowedOrigins.includes(origin) ? origin : "*";
+            
             return new Response(null, { 
                 status: 204,
                 headers: {
-                    ...corsHeaders,
-                    "Access-Control-Allow-Origin": request.headers.get("origin") || "*",
+                    "Access-Control-Allow-Origin": allowOrigin,
                     "Access-Control-Allow-Methods": "GET, HEAD, POST, OPTIONS, PUT, DELETE",
-                    "Access-Control-Allow-Headers": request.headers.get("access-control-request-headers") || corsHeaders["Access-Control-Allow-Headers"],
-                    "Access-Control-Max-Age": "86400"
+                    "Access-Control-Allow-Headers": request.headers.get("access-control-request-headers") || "Content-Type, X-Requested-With, Authorization, Accept, Origin, DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Range, Range",
+                    "Access-Control-Max-Age": "86400",
+                    "Access-Control-Allow-Credentials": "false",
+                    "Vary": "Origin"
                 }
             });
         }
diff --git a/wrangler.toml b/wrangler.toml
@@ -8,9 +8,11 @@ workers_dev = false
 compatibility_flags = ["nodejs_compat"]
 
 [env.staging]
-routes = [
-    "api-polygon-tokens.staging.polygon.technology/*"
-]
+route = "api-polygon-tokens.staging.polygon.technology/*"
+[env.staging.vars]
+CLOUDFLARE_WAF_BYPASS = "true"
+[env.staging.compatibility_flags]
+nodejs_compat = true
 
 [env.production]
 routes = [
