apxtri/adminapi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove cors cause manage in reverse proxy

Browse Source
This commit is contained in:
philc
2026-02-27 09:06:01 +01:00
parent 7f42fa0b02
commit a4407b3e40
1 changed files with 1 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
apxtri/apxtri.js
View File

@@ -35,7 +35,6 @@ const bodyParser = require("body-parser");
const glob = require("glob");
const path = require("path");
const Mustache = require("mustache");
const cors = require("cors");
const express = require("express");
const process = require("process");
@@ -252,7 +251,7 @@ apxtri.runexpress = async (tribesdns, conf) => {
let tribeIds = Object.keys(tribesdns);
// context is store in /itm/tribename.json ={contexte:{routes:[],models:[{model:,tplstringslg:[]}]}
// routes={url,route} check how to add plugin tribe route later
// keep only the 2 last part (.) of domain name to validate cors with it (generic domain)
// keep only the 2 last part (.) of domain name to validate requests with it (generic domain)
let routes = [];
let doms = [];
tribeIds.forEach((t) => {
@@ -314,75 +313,6 @@ apxtri.runexpress = async (tribesdns, conf) => {
);
console.log(currentmod, " app.locals.tribeids", app.locals.tribeids);
// Cors management
let regtxt = "(test";
doms.forEach((d) => {
regtxt += `|${d.replace(/\./g, "\\.")}(:[0-9]+)?`;
});
regtxt += ")$";
// let cor = false;whatwg-url
const regorigin = new RegExp(regtxt);
const allowedOrigins = [
'http://dev.smatchit.io:8081',
'https://dev.smatchit.io:8081',
];
console.log('Allowed origins hardcoded:', allowedOrigins);
console.log('CORS regex pattern:', regtxt);
app.use(cors({
origin: function (origin, callback) {
console.log('CORS check - origin:', origin);
if (!origin) {
return callback(null, true);
}
if (regorigin.test(origin) || allowedOrigins.includes(origin) || allowedOrigins.includes(origin.replace(/\/$/, ''))) {
return callback(null, true);
} else {
console.log(
`CORS blocked: ${origin} does not match pattern ${regtxt}. Add it in itm/tribename.json in dns.`
);
return callback(null, false);
}
},
allowedHeaders: conf.api.exposedHeaders,
exposedHeaders: conf.api.exposedHeaders,
credentials: true,
preflightContinue: false,
optionsSuccessStatus: 204,
}));
app.use((req, res, next) => {
const origin = req.headers.origin;
if (origin && !regorigin.test(origin) && !allowedOrigins.includes(origin) && !allowedOrigins.includes(origin.replace(/\/$/, ''))) {
console.log(`CORS blocked: ${origin}`);
return res.status(403).json({ error: 'CORS not allowed', origin });
}
next();
});
/*app.use((req, res, next) => {
let cor = false;
//console.log(req.headers)
if (req.headers.origin == undefined) {
//used for mobile access
cor = true;
} else {
cor = regorigin.test(req.headers.origin);
}
if (!cor)
console.log(
`The domain name ${req.headers.origin} is not allow to access for CORS settings, add it in itm/tribename.json in dns current origin allow are filter by ${regtxt}`
);
cors({
origin: cor,
allowedHeaders: conf.api.exposedHeaders,
exposedHeaders: conf.api.exposedHeaders,
credentials: true,
preflightContinue: false,
optionsSuccessStatus: 204,
});
next();
});
*/
// Routers add any routes from /routes and /plugins
let logroute = "Routes available on this apxtri instance: \n";
routes.forEach((r) => {