allow port in cors
This commit is contained in:
@@ -324,19 +324,17 @@ apxtri.runexpress = async (tribesdns, conf) => {
|
|||||||
const regorigin = new RegExp(regtxt);
|
const regorigin = new RegExp(regtxt);
|
||||||
app.use(cors({
|
app.use(cors({
|
||||||
origin: function (origin, callback) {
|
origin: function (origin, callback) {
|
||||||
// Allow requests with no origin (like mobile apps, curl, etc.)
|
|
||||||
if (!origin) {
|
if (!origin) {
|
||||||
return callback(null, true);
|
return callback(null, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if origin matches allowed domains pattern
|
|
||||||
if (regorigin.test(origin)) {
|
if (regorigin.test(origin)) {
|
||||||
return callback(null, true);
|
return callback(null, true);
|
||||||
} else {
|
} else {
|
||||||
console.log(
|
console.log(
|
||||||
`CORS blocked: ${origin} does not match pattern ${regtxt}. Add it in itm/tribename.json in dns.`
|
`CORS blocked: ${origin} does not match pattern ${regtxt}. Add it in itm/tribename.json in dns.`
|
||||||
);
|
);
|
||||||
return callback(new Error('Not allowed by CORS'));
|
return callback(null, false);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
allowedHeaders: conf.api.exposedHeaders,
|
allowedHeaders: conf.api.exposedHeaders,
|
||||||
@@ -345,6 +343,14 @@ apxtri.runexpress = async (tribesdns, conf) => {
|
|||||||
preflightContinue: false,
|
preflightContinue: false,
|
||||||
optionsSuccessStatus: 204,
|
optionsSuccessStatus: 204,
|
||||||
}));
|
}));
|
||||||
|
|
||||||
|
app.use((req, res, next) => {
|
||||||
|
const origin = req.headers.origin;
|
||||||
|
if (origin && !regorigin.test(origin)) {
|
||||||
|
return res.status(403).json({ error: 'CORS not allowed' });
|
||||||
|
}
|
||||||
|
next();
|
||||||
|
});
|
||||||
/*app.use((req, res, next) => {
|
/*app.use((req, res, next) => {
|
||||||
let cor = false;
|
let cor = false;
|
||||||
//console.log(req.headers)
|
//console.log(req.headers)
|
||||||
|
|||||||
Reference in New Issue
Block a user