add cors allow list

This commit is contained in:
hippoz 2021-01-20 03:20:48 +02:00
parent c94b7be5fb
commit f763e733f0
No known key found for this signature in database
GPG key ID: 7C52899193467641
2 changed files with 14 additions and 2 deletions

View file

@ -2,7 +2,13 @@ module.exports = {
ports: { ports: {
mainServerPort: 3005, mainServerPort: 3005,
}, },
address: 'b.hippoz.xyz', address: 'localhost',
//restrictions: {
// signup: {
// specialCode: ''
// }
//},
corsAllowList: [ 'localhost' ],
mongoUrl: 'mongodb://192.168.0.105:27017/app', mongoUrl: 'mongodb://192.168.0.105:27017/app',
bcryptRounds: 10, bcryptRounds: 10,
roleMap: { roleMap: {

View file

@ -18,7 +18,13 @@ app.use(express.urlencoded({ extended: false }));
app.use(express.json()); app.use(express.json());
app.use(cookieParser()); app.use(cookieParser());
app.use(cors({ app.use(cors({
origin: config.isHttps ? `https://${config.address}` : `http://${config.address}`, origin: function (origin, callback) {
if (config.corsAllowList.indexOf(origin) !== -1) {
callback(null, true);
} else {
callback(new Error('Not allowed by CORS'));
}
},
credentials: true, credentials: true,
optionsSuccessStatus: 200 optionsSuccessStatus: 200
})); }));