Hotfix for CORS issue when no Origin header is present.

closes #986, #961
balderdashy · Oct 14, 2013 · f42da3c · f42da3c · mikermcneil · Oct 14, 2013
1 parent a003802
commit f42da3c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/lib/hooks/cors/index.js b/lib/hooks/cors/index.js
@@ -79,8 +79,8 @@ module.exports = function(sails) {
 			routeCorsConfig = {};
 		}
 		return function(req, res, next) {
-			// If we can set headers (i.e. it's not a socket request), do so.
-			if (res.setHeader) {
+			// If we have an origin header, and we can set headers (i.e. it's not a socket request), do so.
+			if (res.setHeader && req.headers && req.headers.origin) {
 
 				// Get the allowed origins
 				var origins = (routeCorsConfig.origin || sails.config.cors.origin).split(',');

diff --git a/lib/util/index.js b/lib/util/index.js
@@ -253,7 +253,11 @@ exports.optional = function wrapOptionalCallback (cb) {
 
 exports.isSameOrigin = function isSameOrigin (req) {
 	// Get the domain out of the origin header
-	var domain = req.headers.origin.match(/^https?:\/\/([^:]+)(:\d+)?$/)[1];
+	var matches = req.headers.origin.match(/^https?:\/\/([^:]+)(:\d+)?$/);
+	if (matches === null) {
+		return false;
+	}
+	var domain = matches[1];
 	// Compare it to the host
 	return (req.host == domain);
 };