Initial
This commit is contained in:
31
server/middleware/cors.js
Normal file
31
server/middleware/cors.js
Normal file
@@ -0,0 +1,31 @@
|
||||
const cors = require('cors');
|
||||
const { one } = require('../db');
|
||||
|
||||
function isLocalDevOrigin(origin) {
|
||||
try {
|
||||
const url = new URL(origin);
|
||||
return ['localhost', '127.0.0.1'].includes(url.hostname);
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function createCorsMiddleware() {
|
||||
const persistedCors = one('SELECT value FROM app_settings WHERE key = ?', ['cors_allowed_domains'])?.value || '';
|
||||
const allowedOrigins = (process.env.MIXEDASSETS_CORS_ORIGINS || persistedCors || 'http://localhost:5173,http://127.0.0.1:5173')
|
||||
.split(',')
|
||||
.map((origin) => origin.trim())
|
||||
.filter(Boolean);
|
||||
|
||||
return cors({
|
||||
origin(origin, callback) {
|
||||
if (!origin || allowedOrigins.includes(origin) || isLocalDevOrigin(origin)) return callback(null, true);
|
||||
return callback(new Error('Origin is not allowed by MixedAssets CORS settings'));
|
||||
},
|
||||
credentials: true
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
createCorsMiddleware
|
||||
};
|
||||
Reference in New Issue
Block a user