Cors headers not set on static site response

[sarunluitel]

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.29

Plugin version

5.0.2

Node.js version

16

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

ubuntu 20.04

Description

I am using @fastify/cors, @fastify/helmet and @fastify/static on a project. I have set helmet and cors for all endpoints in the project. All other endpoints return response with header:

access-control-allow-origin : https://www.domain.com

but not the response sent from reply.sendFile for static file serve. The headers from helmet are present on the sendFile response

Steps to Reproduce

server.register(fastifyHelmet); // for best practice headers
server.register(fastifyCors, {
  origin: ['https://www.domain.com', 'https://dev.domain.com'],
  credentials: true,
});
server.register(staticFileServe,{
  root: join(__dirname, '../uploads'),
});

// later on the send endpoint
res.code(200).sendFile('path/to/file');

Expected Behavior

response header should have a header
access-control-allow-origin : https://www.domain.com

[mcollina]

Can you provide steps to reproduce? We often need a reproducible example, e.g. some code that allows someone else to recreate your problem by just copying and pasting it. If it involves more than a couple of different file, create a new repository on GitHub and add a link to that.