nhcarrigan/hikari
2
0
Fork 0
generated from nhcarrigan/template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: get a little hacky with the origin maybe?
All checks were successful
Node.js CI / Lint and Test (push) Successful in 1m11s
Details

Browse Source
This commit is contained in:
Naomi Carrigan
2025-07-05 19:53:38 -07:00
parent a2d25a9f56
commit f395f578eb
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
server/src/hooks/cors.ts
View File

@ -31,7 +31,16 @@ export const corsHook: onRequestHookHandler = async(request, response) => {
if (routesWithoutCors.includes(request.url)) { if (routesWithoutCors.includes(request.url)) {
return undefined; return undefined;
} }
if (!isValidOrigin(request.headers.origin)) { const { origin } = request.headers;
const { host } = request.headers;
const { referer } = request.headers;
const isSameOriginSafe
= origin === undefined
&& host === "hikari.nhcarrigan.com"
&& referer?.startsWith("https://hikari.nhcarrigan.com");
if (!isValidOrigin(origin) && isSameOriginSafe !== true) {
return await response.status(403).send({ return await response.status(403).send({
error: error: