fix chat messages

thisIsAnVariableOfACoder · thisIsAnVariableOfACoder · commit 2eec13ccbde6 · 2026-02-11T22:28:05.000+07:00
diff --git a/assets/index-BZyTf0Y9.js b/assets/index-BZyTf0Y9.js
diff --git a/assets/index-CmA9LlJR.js b/assets/index-CmA9LlJR.js
diff --git a/backend/index.js b/backend/index.js
@@ -29,9 +29,15 @@ const FRONTEND_URL = process.env.FRONTEND_URL || "*";
 ========================= */
 
 // CORS fix cho production
+// Note: credentials=true cannot be used with Access-Control-Allow-Origin: '*'
+const allowAnyOrigin = String(FRONTEND_URL).trim() === '*';
 app.use(cors({
-  origin: FRONTEND_URL,
-  credentials: true
+  origin: allowAnyOrigin ? true : FRONTEND_URL,
+  credentials: !allowAnyOrigin
+}));
+app.options('*', cors({
+  origin: allowAnyOrigin ? true : FRONTEND_URL,
+  credentials: !allowAnyOrigin
 }));
 
 app.use(express.json());
diff --git a/frontend/dist/index.html b/frontend/dist/index.html
@@ -16,7 +16,7 @@
       }(window.location));
     </script>
     <script src="./runtime-config.js"></script>
-    <script type="module" crossorigin src="./assets/index-DBWXNU1C.js"></script>
+    <script type="module" crossorigin src="./assets/index-BZyTf0Y9.js"></script>
     <link rel="stylesheet" crossorigin href="./assets/index-DmnBBc78.css">
   </head>
   <body>
diff --git a/frontend/src/api.js b/frontend/src/api.js
@@ -7,7 +7,24 @@ function buildUrl(path) {
   return `${API_BASE}${normalizedPath}`;
 }
 
+function shouldBlockRelativeApiCall(path) {
+  const normalizedPath = String(path || '').startsWith('/') ? path : `/${path}`;
+  if (!normalizedPath.startsWith('/api/')) return false;
+  if (API_BASE) return false;
+  if (typeof window === 'undefined') return false;
+  const hostname = String(window.location?.hostname || '');
+  const isLocalhost = /^(localhost|127\.0\.0\.1)$/i.test(hostname);
+  return !isLocalhost;
+}
+
 async function request(path, options = {}) {
+  if (shouldBlockRelativeApiCall(path)) {
+    return {
+      success: false,
+      error: 'Backend API chưa được cấu hình. Cập nhật window.__API_BASE__ trong runtime-config.js.'
+    };
+  }
+
   try {
     const res = await fetch(buildUrl(path), options);
     const text = await res.text();
diff --git a/frontend/src/config.js b/frontend/src/config.js
@@ -10,8 +10,10 @@ const hostname = typeof window !== 'undefined' ? window.location.hostname : '';
 const isLocalhost = /^(localhost|127\.0\.0\.1)$/i.test(hostname);
 const isGithubPages = /(^|\.)github\.io$/i.test(hostname);
 
+const isInvalidGithubApiBase = isGithubPages && /(^|\.)github\.io$/i.test(String(runtimeApiBase || envApiBase));
+
 const fallbackApiBase = isLocalhost ? 'http://localhost:3001' : '';
-const configuredApiBase = runtimeApiBase || envApiBase || fallbackApiBase;
+const configuredApiBase = isInvalidGithubApiBase ? '' : (runtimeApiBase || envApiBase || fallbackApiBase);
 
 const runtimeOffline = typeof window !== 'undefined' ? window.__IS_OFFLINE__ : undefined;
 const envOffline = import.meta.env.VITE_OFFLINE_MODE === 'true';
diff --git a/index.html b/index.html
@@ -16,7 +16,7 @@
       }(window.location));
     </script>
     <script src="./runtime-config.js"></script>
-    <script type="module" crossorigin src="./assets/index-DBWXNU1C.js"></script>
+    <script type="module" crossorigin src="./assets/index-BZyTf0Y9.js"></script>
     <link rel="stylesheet" crossorigin href="./assets/index-DmnBBc78.css">
   </head>
   <body>
