joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Allow multiple origins for header Access-Control-Allow-Origin (#8517)

Browse Source
This commit is contained in:
Marc Derhammer
2023-05-01 16:25:22 -04:00
committed by GitHub
parent 9e43bc2fa0
commit 4f15539ac2
6 changed files with 49 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/middlewares.js
View File

@@ -384,8 +384,13 @@ export function allowCrossDomain(appId) {
if (config && config.allowHeaders) {
allowHeaders += `, ${config.allowHeaders.join(', ')}`;
}
const allowOrigin = (config && config.allowOrigin) || '*';
res.header('Access-Control-Allow-Origin', allowOrigin);
const baseOrigins =
typeof config?.allowOrigin === 'string' ? [config.allowOrigin] : config?.allowOrigin ?? ['*'];
const requestOrigin = req.headers.origin;
const allowOrigins =
requestOrigin && baseOrigins.includes(requestOrigin) ? requestOrigin : baseOrigins[0];
res.header('Access-Control-Allow-Origin', allowOrigins);
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
res.header('Access-Control-Allow-Headers', allowHeaders);
res.header('Access-Control-Expose-Headers', 'X-Parse-Job-Status-Id, X-Parse-Push-Status-Id');