adm01-debug · adm01-debug · Apr 27, 2026 · Apr 27, 2026 · Apr 27, 2026 · Apr 27, 2026
@@ -10,10 +10,13 @@
 // Ideal para chamar via cron a cada 5 minutos com evaluate=1.
 
 import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.49.1'
+import { getCorsHeaders } from '../_shared/validation.ts'
 
-const corsHeaders = {
-  'Access-Control-Allow-Origin': '*',
-  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+function getJsonCorsHeaders(req?: Request) {
+  return {
+    ...getCorsHeaders(req),
-    ...getCorsHeaders(req),
+    ...getCorsHeaders(req),
+    'Access-Control-Allow-Methods': 'GET, OPTIONS',
-    ...getCorsHeaders(req),
+    ...getCorsHeaders(req),
+    'Access-Control-Allow-Methods': 'GET, OPTIONS',
+    'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+  }
 }
 
 // Limiares de alerta — ajustáveis via env vars.
@@ -168,7 +171,7 @@ export function evaluateAlerts(m: ComputedMetrics): AlertCandidate[] {
 
 Deno.serve(async (req) => {
   if (req.method === 'OPTIONS') {
-    return new Response('ok', { headers: corsHeaders })
+    return new Response('ok', { headers: getJsonCorsHeaders(req) })
   }
 
   const url = new URL(req.url)
@@ -192,7 +195,7 @@ Deno.serve(async (req) => {
 
   if (error) {
     return new Response(JSON.stringify({ error: error.message }), {
-      status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      status: 500, headers: { ...getJsonCorsHeaders(req), 'Content-Type': 'application/json' },
     })
   }
 
@@ -259,6 +262,6 @@ Deno.serve(async (req) => {
     alert_candidates: candidates,
     fired_alerts: firedAlerts,
   }, null, 2), {
-    headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+    headers: { ...getJsonCorsHeaders(req), 'Content-Type': 'application/json' },
   })
 })
@@ -15,17 +15,20 @@
 // Output: text/plain; version=0.0.4 (Prometheus exposition format).
 
 import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.45.0'
+import { getCorsHeaders } from '../_shared/validation.ts'
 
 const SUPABASE_URL = Deno.env.get('SUPABASE_URL')!
 const SERVICE_ROLE_KEY = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
 const SCRAPE_TOKEN = Deno.env.get('PROXY_METRICS_TOKEN') ?? ''
 
-const PROM_HEADERS = {
-  'Content-Type': 'text/plain; version=0.0.4; charset=utf-8',
-  'Cache-Control': 'no-store',
-  'Access-Control-Allow-Origin': '*',
-  'Access-Control-Allow-Headers': 'authorization, content-type',
-  'Access-Control-Allow-Methods': 'GET, OPTIONS',
+function getPromHeaders(req?: Request) {
+  return {
+    ...getCorsHeaders(req),
+    'Content-Type': 'text/plain; version=0.0.4; charset=utf-8',
+    'Cache-Control': 'no-store',
+    'Access-Control-Allow-Headers': 'authorization, content-type',
+    'Access-Control-Allow-Methods': 'GET, OPTIONS',
+  }
 }
 
 type MetricRow = {
@@ -195,23 +198,23 @@ function buildExposition(rows: MetricRow[], windowKey: WindowKey, generatedAtMs:
 
 Deno.serve(async (req) => {
   if (req.method === 'OPTIONS') {
-    return new Response('ok', { headers: PROM_HEADERS })
+    return new Response('ok', { headers: getPromHeaders(req) })
   }
   if (req.method !== 'GET') {
-    return new Response('Method not allowed\n', { status: 405, headers: PROM_HEADERS })
+    return new Response('Method not allowed\n', { status: 405, headers: getPromHeaders(req) })
   }
 
   // Auth — fail-closed if no token configured.
   if (!SCRAPE_TOKEN) {
     return new Response(
       '# proxy-metrics: PROXY_METRICS_TOKEN secret is not configured.\n',
-      { status: 503, headers: PROM_HEADERS },
+      { status: 503, headers: getPromHeaders(req) },
     )
   }
   const auth = req.headers.get('Authorization') ?? ''
   const provided = auth.startsWith('Bearer ') ? auth.slice(7) : auth
   if (provided !== SCRAPE_TOKEN) {
-    return new Response('# unauthorized\n', { status: 401, headers: PROM_HEADERS })
+    return new Response('# unauthorized\n', { status: 401, headers: getPromHeaders(req) })
   }
 
   const url = new URL(req.url)
@@ -236,7 +239,7 @@ Deno.serve(async (req) => {
     if (error) {
       return new Response(
         `# error fetching proxy_metrics: ${error.message.replace(/\n/g, ' ')}\n`,
-        { status: 500, headers: PROM_HEADERS },
+        { status: 500, headers: getPromHeaders(req) },
       )
     }
     if (!data || data.length === 0) break
@@ -245,5 +248,5 @@ Deno.serve(async (req) => {
   }
 
   const body = buildExposition(rows, windowKey, Date.now())
-  return new Response(body, { status: 200, headers: PROM_HEADERS })
+  return new Response(body, { status: 200, headers: getPromHeaders(req) })
 })