Is there a way to set the headers of all static files and JS files for invalidating CORs?

[saeho]

I want to use CORs to invalidate requests to my static files by using the middleware.

However, I don't know how to set the headers (access-control-allow-origin) of my own requests within the app so when I look at the origin from the middleware, it's always "*", which makes CORs invalidation impossible.

Is there a way to set the headers of my own requests to my own JS/static files so I can make use of this in the middleware CORs validation?

[CAYdenberg]

I don't think you can use middleware on static assets yet. I've written custom handlers FOR static assets, which basically request the asset from disc and then respond with it, so you could try that (ideally, you'd want to use streams, though).

BUT ... I have both Deno Deploy and self-deployed Fresh projects, and I don't see CORS headers injected in either case ... are you sure Fresh is adding those headers, or are they coming from your webserver?