fix: only enable cors for relay routers to avoid csrf attack

main.go

@@ -7,7 +7,6 @@ import (
 	"github.com/gin-gonic/gin"
 	"one-api/common"
 	"one-api/controller"
-	"one-api/middleware"
 	"one-api/model"
 	"one-api/router"
 	"os"
@@ -88,7 +87,6 @@ func main() {
 	server := gin.Default()
 	// This will cause SSE not to work!!!
 	//server.Use(gzip.Gzip(gzip.DefaultCompression))
-	server.Use(middleware.CORS())
 
 	// Initialize session store
 	store := cookie.NewStore([]byte(common.SessionSecret))

router/relay-router.go

@@ -8,6 +8,7 @@ import (
 )
 
 func SetRelayRouter(router *gin.Engine) {
+	router.Use(middleware.CORS())
 	// https://platform.openai.com/docs/api-reference/introduction
 	modelsRouter := router.Group("/v1/models")
 	modelsRouter.Use(middleware.TokenAuth())