From affff859b0526965a703c3cf88352a838b89b1f6 Mon Sep 17 00:00:00 2001
From: zzlgreat <zzlgreat@gmail.com>
Date: Mon, 15 Dec 2025 18:24:34 +0800
Subject: [PATCH] update watchlist

---
 app.py | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/app.py b/app.py
index 4c8acce7..768e76ba 100755
--- a/app.py
+++ b/app.py
@@ -486,10 +486,11 @@ app.config['MAIL_DEFAULT_SENDER'] = MAIL_DEFAULT_SENDER
 # 允许前端跨域访问 - 修复CORS配置
 try:
     CORS(app,
-         origins=["http://localhost:3000", "http://127.0.0.1:3000", "http://localhost:5173", "https://valuefrontier.cn",
-                  "http://valuefrontier.cn"],  # 明确指定允许的源
+         origins=["http://localhost:3000", "http://127.0.0.1:3000", "http://localhost:5173",
+                  "https://valuefrontier.cn", "http://valuefrontier.cn",
+                  "https://www.valuefrontier.cn", "http://www.valuefrontier.cn"],  # 明确指定允许的源
          methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
-         allow_headers=["Content-Type", "Authorization", "X-Requested-With"],
+         allow_headers=["Content-Type", "Authorization", "X-Requested-With", "Cache-Control"],
          supports_credentials=True,  # 允许携带凭据
          expose_headers=["Content-Type", "Authorization"])
 except ImportError:
@@ -5261,12 +5262,13 @@ def after_request(response):
     """处理所有响应，添加CORS头部和安全头部"""
     origin = request.headers.get('Origin')
     allowed_origins = ['http://localhost:3000', 'http://127.0.0.1:3000', 'http://localhost:5173',
-                       'https://valuefrontier.cn', 'http://valuefrontier.cn']
+                       'https://valuefrontier.cn', 'http://valuefrontier.cn',
+                       'https://www.valuefrontier.cn', 'http://www.valuefrontier.cn']
 
     if origin in allowed_origins:
         response.headers['Access-Control-Allow-Origin'] = origin
         response.headers['Access-Control-Allow-Credentials'] = 'true'
-        response.headers['Access-Control-Allow-Headers'] = 'Content-Type,Authorization,X-Requested-With'
+        response.headers['Access-Control-Allow-Headers'] = 'Content-Type,Authorization,X-Requested-With,Cache-Control'
         response.headers['Access-Control-Allow-Methods'] = 'GET,PUT,POST,DELETE,OPTIONS'
         response.headers['Access-Control-Expose-Headers'] = 'Content-Type,Authorization'
 
@@ -5281,14 +5283,15 @@ def add_cors_headers(response):
     """添加CORS头（保留原有函数以兼容）"""
     origin = request.headers.get('Origin')
     allowed_origins = ['http://localhost:3000', 'http://127.0.0.1:3000', 'http://localhost:5173',
-                       'https://valuefrontier.cn', 'http://valuefrontier.cn']
+                       'https://valuefrontier.cn', 'http://valuefrontier.cn',
+                       'https://www.valuefrontier.cn', 'http://www.valuefrontier.cn']
 
     if origin in allowed_origins:
         response.headers['Access-Control-Allow-Origin'] = origin
     else:
         response.headers['Access-Control-Allow-Origin'] = 'http://localhost:3000'
 
-    response.headers['Access-Control-Allow-Headers'] = 'Content-Type,Authorization,X-Requested-With'
+    response.headers['Access-Control-Allow-Headers'] = 'Content-Type,Authorization,X-Requested-With,Cache-Control'
     response.headers['Access-Control-Allow-Methods'] = 'GET,PUT,POST,DELETE,OPTIONS'
     response.headers['Access-Control-Allow-Credentials'] = 'true'
     return response