fix: add CORS headers to CDN routes for cross-origin Pyodide access

reecelikesramen · reecelikesramen · commit 72d80487429a · 2026-04-13T13:53:58.000-06:00
Nightly docs at nightly.pywire.dev fetch wheels from pywire.dev/cdn/
(cross-origin). Without Access-Control-Allow-Origin, micropip in the
Pyodide web worker gets opaque/blocked responses.
diff --git a/worker/src/index.js b/worker/src/index.js
@@ -25,7 +25,7 @@ export default {
       return new Response(
         `<!DOCTYPE html><html><head><title>Links for ${pkgName}</title></head>` +
         `<body><h1>Links for ${pkgName}</h1>\n${links}\n</body></html>`,
-        { headers: { 'Content-Type': 'text/html; charset=utf-8' } }
+        { headers: { 'Content-Type': 'text/html; charset=utf-8', 'Access-Control-Allow-Origin': '*' } }
       )
     }
 
@@ -39,6 +39,7 @@ export default {
         headers: {
           'Content-Type': contentType,
           'Cache-Control': 'public, max-age=31536000, immutable',
+          'Access-Control-Allow-Origin': '*',
         },
       })
     }

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ export default {`
`25`	`25`	`return new Response(`
`26`	`26`	`<!DOCTYPE html><html><head><title>Links for ${pkgName}</title></head>` +
`27`	`27`	`<body><h1>Links for ${pkgName}</h1>\n${links}\n</body></html>`,
`28`		`- { headers: { 'Content-Type': 'text/html; charset=utf-8' } }`
	`28`	`+ { headers: { 'Content-Type': 'text/html; charset=utf-8', 'Access-Control-Allow-Origin': '*' } }`
`29`	`29`	`)`
`30`	`30`	`}`
`31`	`31`
`@@ -39,6 +39,7 @@ export default {`
`39`	`39`	`headers: {`
`40`	`40`	`'Content-Type': contentType,`
`41`	`41`	`'Cache-Control': 'public, max-age=31536000, immutable',`
	`42`	`+ 'Access-Control-Allow-Origin': '*',`
`42`	`43`	`},`
`43`	`44`	`})`
`44`	`45`	`}`