Permalink
Browse files

do not send results if CORS origin header did not match hostname from…

… apikey lookup
  • Loading branch information...
1 parent fde0afa commit 032c984bacf34987bda0e66e169e4770b6ea2d3d @Trott committed Mar 22, 2013
Showing with 3 additions and 5 deletions.
  1. +3 −5 routes/person.js
View
@@ -5,11 +5,9 @@ exports.search = function(req, res) {
"use strict";
// If no CORS header indicating API key matched origin, return nothing.
- // TODO: Make this actually, you know, work.
- // TODO: This file doesn't log.
- // if (! res.get('access-control-request-method')) {
- // return res.send(200);
- // }
+ if (! res.get('access-control-request-method')) {
+ return res.send(200);
+ }
var directoryOptions = {
host: "directory.ucsf.edu",

0 comments on commit 032c984

Please sign in to comment.