optimize and enforce external-controller-cors config for all users

- Refactored config guard logic to always inject secure defaults for external-controller-cors (allow-origins: ['http://localhost', 'http://127.0.0.1'], allow-private-network: true). - Ensures both new and existing user configs are automatically upgraded for enhanced CORS security. - Improves configuration migration and future maintainability. fix: add http://localhost:3000 to CORS allow-origins for tauri dev server compatibility
2026-01-29 08:45:41 +08:00 · 2025-05-22 14:18:22 +08:00
parent 5b2f946828
commit 8b800f679b
3 changed files with 39 additions and 8 deletions
--- a/UPDATELOG.md
+++ b/UPDATELOG.md
@@ -81,6 +81,7 @@
 - 优化了随机端口和密钥机制，防止随机时卡死！
 - 优化了保存机制，使用平滑函数，防止客户端卡死！
 - 优化端口设置退出和保存机制！
+ - 强制为 Mihomo 配置补全并覆盖 external-controller-cors 字段，默认不允许跨域和仅本地请求，提升 cors 安全性，升级配置时自动覆盖。

 ## v2.2.3