Fix origin check for server.
benwiley4000 committed Mar 31, 2019
1 parent a1abc54 commit 15eb9b6
Showing 2 changed files with 3 additions and 4 deletions.
5 changes: 2 additions & 3 deletions lib/server.js
@@ -1,5 +1,4 @@
const express = require('express')
const url = require('url')
const cors = require('cors')
const bodyParser = require('body-parser')
const HttpStatus = require('http-status-codes')
Expand Down Expand Up @@ -64,8 +63,8 @@ const createServer = (
app.post('/', rootCorsMiddleware, (req, res, next) => {
if (origin !== '*') {
if (!req.headers.origin) return next(createError(403))
const { host, hostname } = url.parse(req.headers.origin)
if (host !== origin || hostname !== origin) return next(createError(403))
const originHeader = req.headers.origin
if (originHeader.indexOf(origin) === -1) return next(createError(403))
}
if (req.body && typeof req.body === 'string') {
try {
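Review bot: The check on the `originHeader.indexOf(origin) === -1` line is a substring match, so any Origin header that merely contains the configured value is accepted, including a different host whose name embeds it as a prefix or suffix. An origin allow-check should compare the whole value exactly. If `origin` is configured as a full origin string, `if (originHeader !== origin) return next(createError(403))` is enough. If it is configured as a host (the `url.parse` comparison in this section suggests so, but the option's format is not visible here), compare `new URL(originHeader).host !== origin` inside a try/catch that also answers 403, because `new URL` throws on malformed input. The handler's body continues outside the hunk.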
2 changes: 1 addition & 1 deletion test/server.spec.js
Expand Up @@ -42,7 +42,7 @@ test('should send 403 when POSTING from a not allowed origin', async t => {
try {
await request.post(`${url}/`, {
resolveWithFullResponse: true,
headers: { origin: 'another origin' }
headers: { origin: 'not that origin' }
})
} catch (e) {
t.is(e.statusCode, 403)
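Review bot: The 403 case in this test sends an Origin value that shares nothing with the allowed one, so it passes against a substring-based check in lib/server.js just as it would against an exact one. Add a second rejection case whose header contains the configured origin without being equal to it, for example `headers: { origin: allowedOrigin + '.example.invalid' }`, and assert 403. That value is constructed, and `allowedOrigin` stands for whatever this spec passes to createServer. The test body starts and ends outside the hunk.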
