cors.js
const cors = require('cors');
const config = require('./config');
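/**
 * Reduce an origin-like string to its canonical `scheme://host[:port]` form.
 *
 * Used on request-supplied values, which are untrusted: anything that is not
 * a non-empty string, does not parse as a URL, or has an opaque origin
 * yields `null` instead of throwing.
 *
 * @param {unknown} value - Candidate origin, e.g. the raw `Origin` header.
 * @returns {string|null} Canonical origin, or `null` when unusable.
 */
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value.length === 0) {
    return null;
  }

  try {
    const { origin } = new URL(value);

    // URLs with an opaque origin serialise to the literal string 'null';
    // such a value must never match an allowlist entry.
    return origin === 'null' ? null : origin;
  } catch (_err) {
    // Unparseable header value (for example `Origin: null`): not an origin.
    return null;
  }
}

module.exports = {
  /**
   * Build the CORS allowlist from configuration.
   *
   * Sources are `config.clientURL`, `config.serverURL` and the
   * whitespace-separated `config.extraAllowedOrigins`. Missing or empty
   * entries are skipped. A non-empty entry that is not a valid URL still
   * throws from `new URL`, so a misconfigured allowlist fails loudly rather
   * than being silently narrowed.
   *
   * @returns {string[]} Canonical origins allowed to make cross-origin calls.
   * @throws {TypeError} When a configured entry is not a parseable URL.
   */
  getAllowedOrigins() {
    const defaultAllowedOrigins = [config.clientURL, config.serverURL];

    // Split on any whitespace run so tabs or newlines in the setting do not
    // glue two URLs together.
    const extraAllowedOrigins = String(config.extraAllowedOrigins || '').split(/\s+/);

    return [...defaultAllowedOrigins, ...extraAllowedOrigins]
      .filter(item => typeof item === 'string' && item.length > 0)
      .map(item => new URL(item).origin);
  },

  /**
   * Create the `cors` middleware bound to the configured allowlist.
   *
   * `credentials: true` is set, so the allowlist is the trust boundary for
   * credentialed cross-origin requests. Requests without an `Origin` header
   * are let through; this check is not an authentication control.
   *
   * @returns {Function} Express middleware produced by the `cors` package.
   */
  corsMiddle() {
    return cors({
      credentials: true,
      methods: ['HEAD', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
      origin: (origin, callback) => {
        const allowedOrigins = this.getAllowedOrigins();

        if (!origin) {
          return callback(null, true);
        }

        // The header is attacker-controlled: a value that does not parse is
        // rejected like any other unlisted origin instead of throwing from
        // inside the middleware.
        const reqOrigin = normalizeOrigin(origin);

        if (reqOrigin === null || !allowedOrigins.includes(reqOrigin)) {
          return callback(new Error('Origin blocked by CORS policy.'), false);
        }

        return callback(null, true);
      },
    });
  },

  /**
   * Install the CORS middleware and the explicit CORS response headers.
   *
   * @param {object} app - Express application (anything exposing `use`).
   * @returns {void}
   */
  guard(app) {
    app.use(this.corsMiddle());

    app.use((req, res, next) => {
      const allowedOrigins = this.getAllowedOrigins();

      // Normalise exactly as corsMiddle does so both checks agree, and echo
      // only a value that is present in the allowlist.
      const reqOrigin = normalizeOrigin(req.get('origin'));
      const allowThisOrigin = allowedOrigins.includes(reqOrigin) ? reqOrigin : allowedOrigins[0];

      // With an empty allowlist there is nothing to advertise; skip the
      // header rather than sending the string "undefined".
      if (allowThisOrigin) {
        res.header('Access-Control-Allow-Origin', allowThisOrigin);
      }

      res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');

      next();
    });
  },
};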