generated from nhcarrigan/template
fix: get a little hacky with the origin maybe?
All checks were successful
Node.js CI / Lint and Test (push) Successful in 1m11s
All checks were successful
Node.js CI / Lint and Test (push) Successful in 1m11s
This commit is contained in:
@ -31,7 +31,16 @@ export const corsHook: onRequestHookHandler = async(request, response) => {
|
|||||||
if (routesWithoutCors.includes(request.url)) {
|
if (routesWithoutCors.includes(request.url)) {
|
||||||
return undefined;
|
return undefined;
|
||||||
}
|
}
|
||||||
if (!isValidOrigin(request.headers.origin)) {
|
const { origin } = request.headers;
|
||||||
|
const { host } = request.headers;
|
||||||
|
const { referer } = request.headers;
|
||||||
|
|
||||||
|
const isSameOriginSafe
|
||||||
|
= origin === undefined
|
||||||
|
&& host === "hikari.nhcarrigan.com"
|
||||||
|
&& referer?.startsWith("https://hikari.nhcarrigan.com");
|
||||||
|
|
||||||
|
if (!isValidOrigin(origin) && isSameOriginSafe !== true) {
|
||||||
return await response.status(403).send({
|
return await response.status(403).send({
|
||||||
error:
|
error:
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user