
feat: add CORS_ORIGIN_STRICT_MODE_ENABLED env var to determine if CORS origin should be restricted

Karol Sójko 1 vuosi sitten
vanhempi
commit
5c02435ee4

+ 10 - 0
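--- a/packages/api-gateway/bin/server.ts
+++ b/packages/api-gateway/bin/server.ts
@@ -91,6 +91,16 @@ void container.load().then((container) => {
         credentials: true,
         exposedHeaders: ['x-captcha-required'],
         origin: (requestOrigin: string | undefined, callback: (err: Error | null, origin?: string[]) => void) => {
+          const originStrictModeEnabled = env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true)
+            ? env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true) === 'true'
+            : false
+
+          if (!originStrictModeEnabled) {
+            callback(null, [requestOrigin as string])
+
+            return
+          }
+
           const requstOriginIsNotFilled = !requestOrigin || requestOrigin === 'null'
           const requestOriginatesFromTheDesktopApp = requestOrigin?.startsWith('file://')
           const requestOriginatesFromClipperForFirefox = requestOrigin?.startsWith('moz-extension://')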
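Review bot: With `CORS_ORIGIN_STRICT_MODE_ENABLED` unset, `originStrictModeEnabled` is false and the early return echoes back whatever origin the request sent, so the allow-list checks below are skipped by default. Here and in packages/home-server/src/Server/HomeServer.ts this sits next to `credentials: true`, so if the API relies on cookies or other ambient credentials (not visible in the hunk), any site could make credentialed cross-origin reads. I would make strict the default and require an explicit opt-out, `const originStrictModeEnabled = env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true) !== 'false'`, and log once at startup when it is off. The `requestOrigin as string` cast also passes `[undefined]` to the callback when no Origin header is present; `callback(null, requestOrigin ? [requestOrigin] : [])` keeps the declared `string[]` type honest. The same ten lines are added in packages/files/bin/server.ts and HomeServer.ts, and the origin callback continues past the end of the hunk.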

+ 10 - 0
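--- a/packages/files/bin/server.ts
+++ b/packages/files/bin/server.ts
@@ -79,6 +79,16 @@ void container.load().then((container) => {
           'Access-Control-Allow-Origin',
         ],
         origin: (requestOrigin: string | undefined, callback: (err: Error | null, origin?: string[]) => void) => {
+          const originStrictModeEnabled = env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true)
+            ? env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true) === 'true'
+            : false
+
+          if (!originStrictModeEnabled) {
+            callback(null, [requestOrigin as string])
+
+            return
+          }
+
           const requstOriginIsNotFilled = !requestOrigin || requestOrigin === 'null'
           const requestOriginatesFromTheDesktopApp = requestOrigin?.startsWith('file://')
           const requestOriginatesFromClipperForFirefox = requestOrigin?.startsWith('moz-extension://')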

+ 10 - 0
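--- a/packages/home-server/src/Server/HomeServer.ts
+++ b/packages/home-server/src/Server/HomeServer.ts
@@ -137,6 +137,16 @@ export class HomeServer implements HomeServerInterface {
             credentials: true,
             exposedHeaders: ['Content-Range', 'Accept-Ranges', 'x-captcha-required'],
             origin: (requestOrigin: string | undefined, callback: (err: Error | null, origin?: string[]) => void) => {
+              const originStrictModeEnabled = env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true)
+                ? env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true) === 'true'
+                : false
+
+              if (!originStrictModeEnabled) {
+                callback(null, [requestOrigin as string])
+
+                return
+              }
+
               const requstOriginIsNotFilled = !requestOrigin || requestOrigin === 'null'
               const requestOriginatesFromTheDesktopApp = requestOrigin?.startsWith('file://')
               const requestOriginatesFromClipperForFirefox = requestOrigin?.startsWith('moz-extension://')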