-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add config to allow cors for specific origins (#26)
The default node version was also updated to 10.12.0.
- Loading branch information
1 parent
999e43f
commit 4466daa
Showing
6 changed files
with
89 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
10.1.0 | ||
10.12.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
const cors = require('cors'); | ||
const { merge } = require('lodash'); | ||
|
||
const config = require('../../config'); | ||
|
||
let cachedOriginWhitelist; | ||
|
||
module.exports = options => cors(corsOptionsDelegateFactory(options)); | ||
|
||
/** | ||
* Returns an asynchronous function that can be used as a delegate to | ||
* configure the CORS middleware. | ||
* | ||
* See https://www.npmjs.com/package/cors#configuring-cors-asynchronously | ||
* | ||
* @param {Object} options - Options to pass to the middleware. | ||
* @returns {Function} A CORS options delegate. | ||
*/ | ||
function corsOptionsDelegateFactory(options) { | ||
return function(req, callback) { | ||
Promise | ||
.resolve() | ||
.then(() => getCorsOptions(req, options)) | ||
.then(result => callback(undefined, result)) | ||
.catch(callback); | ||
}; | ||
} | ||
|
||
/** | ||
* Constructs options for the CORS middleware based on the request. | ||
* | ||
* An origin whitelist is set based on the `cors.origin` configuration property by default. | ||
* | ||
* @param {Request} req - The Express request object. | ||
* @param {Object} options - Additional options (which may override the default options). | ||
* @returns {Object} Options for the CORS middleware. | ||
*/ | ||
function getCorsOptions(req, options) { | ||
|
||
const corsOptions = {}; | ||
|
||
const originWhitelist = getOriginWhitelist(); | ||
if (originWhitelist) { | ||
corsOptions.origin = originWhitelist.indexOf(req.get('Origin')) !== -1; | ||
} | ||
|
||
return merge(corsOptions, options); | ||
} | ||
|
||
/** | ||
* Returns a whitelist of origins allowed to use CORS. | ||
* | ||
* The list is based on the `cors.origin` configuration property. | ||
* | ||
* @returns {boolean|string[]} An array of allowed origins, or false if none are allowed. | ||
*/ | ||
function getOriginWhitelist() { | ||
if (cachedOriginWhitelist === undefined) { | ||
const origin = config.cors.origin; | ||
cachedOriginWhitelist = origin ? origin.split(',') : false; | ||
} | ||
|
||
return cachedOriginWhitelist; | ||
} |