Suggestion: allow to skip origin checks #61
Assignees
Comments
|
Hm, wait, this seems to be client side code. Of course Can we get a build flag to disable it or maybe load the ALLOWED_ORIGINS list from a json file that I can simply clear before building? How does this look to you:
[
"https://nmrxiv.org",
"http://nmrxiv.org",
"http://localhost",
"http://localhost:3000",
"http://127.0.0.1:",
"http://127.0.0.1:3000",
"http://test.nmrxiv.org",
"http://193.196.39.168",
"http://193.196.39.168:3000",
"https://nodejsdev.nmrxiv.org"
]
// in your events.ts
// replace the ALLOWED_ORIGINS definition with an import
import ALLOWED_ORIGINS from '../allowed_origins.json';
...
const skipOriginCheck = ALLOWED_ORIGINS.length == 0 || ALLOWED_ORIGINS.includes('*');
if (!skipOriginCheck && !ALLOWED_ORIGINS.includes(parseOrigin(origin))) {
throw new Error(`Invalid Origin ${origin}`);
}
... |
|
Thanks for your suggestions |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We are planning to use this service i a dynamic environment where we can not foresee the origin URLs upfront. Would it be possible to allow skipping the origin checks altogether, if, for example, an environment variable is set? Obviously the service would then be publicly available, but in our case, we are fine with this or can handle it through origin checks in the network infrastructure.
I suggest something to the extend of replacing
nmrium-react-wrapper/src/events/event.ts
Line 50 in 1f1530c
with:
The text was updated successfully, but these errors were encountered: