feat: allow custom cors origin header (#6772)

2020-07-10 11:48:57 -07:00
parent 6fc42a526f
commit d03ec18bcc
5 changed files with 45 additions and 1 deletions
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -316,7 +316,8 @@ export function allowCrossDomain(appId) {
    if (config && config.allowHeaders) {
      allowHeaders += `, ${config.allowHeaders.join(', ')}`;
    }
-    res.header('Access-Control-Allow-Origin', '*');
+    const allowOrigin = (config && config.allowOrigin) || '*';
+    res.header('Access-Control-Allow-Origin', allowOrigin);
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
    res.header('Access-Control-Allow-Headers', allowHeaders);
    res.header(