// CORS allow-list: an Origin is accepted when it is listed in
// config.allowedOrigins, or when that list contains the "*" wildcard entry.
// NOTE(review): a "*" entry switches the allow-list off entirely, so confirm
// it is never present in production configuration.
app.use(
  cors({
    origin: (origin, callback) => {
      // No Origin header (non-browser clients, same-origin requests): let it
      // through. CORS only constrains browsers, so this is not access control.
      if (!origin) {
        return callback(null, true);
      }

      const allowList = config.allowedOrigins;
      const isPermitted = allowList.includes(origin) || allowList.includes("*");
      if (isPermitted) {
        return callback(null, true);
      }

      // The Error is handed to the cors callback rather than thrown.
      const message = 'The CORS policy for this site does not allow access from the specified Origin.';
      return callback(new Error(message), false);
    },
  })
);
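// Setup the CORS policy with multi-domain capability.
//
// The Origin header is request-controlled and this policy sets
// `credentials: true`, so the comparison must be an exact origin match.
// The previous `config.frontend.baseURL.includes(origin)` is a substring test
// whenever baseURL is a string, which accepts any origin that happens to be a
// prefix or fragment of a configured URL.
// NOTE(review): the shape of config.frontend.baseURL is not visible here; this
// accepts an array of URLs or a single comma/whitespace-separated string.
// Confirm against the configuration loader.
app.use(
  cors({
    origin: (origin, callback) => {
      // Requests without an Origin header keep passing, as before.
      if (!origin) {
        callback(null, true);
        return;
      }

      const configured = Array.isArray(config.frontend.baseURL)
        ? config.frontend.baseURL
        : String(config.frontend.baseURL).split(/[\s,]+/);

      const isAllowed = configured.some((entry) => {
        try {
          // Reduce each configured URL to scheme://host[:port] before comparing,
          // so a path or trailing slash in the config does not matter.
          return new URL(String(entry).trim()).origin === origin;
        } catch {
          // An unparsable entry never matches.
          return false;
        }
      });

      callback(null, isAllowed);
    },
    credentials: true,
    exposedHeaders: "Access-Control-Allow-Origin,Access-Control-Allow-Credentials"
  })
);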
/**
 * Register the base middleware on the given Express application: CORS,
 * compression, request logging (skipped when NODE_ENV is "test") and
 * no-cache response headers.
 *
 * @param {{ express: object }} param0 - holder of the Express application.
 */
async init({ express }) {
  // CORS
  // Credentialed cross-origin requests are accepted only from the origins in
  // this.config.apiOrigins; requests with no Origin header are also accepted.
  const checkOrigin = (origin, callback) => {
    const isAllowed = !origin || this.config.apiOrigins.includes(origin);
    if (!isAllowed) {
      // NOTE(review): origin comes straight from the request and is logged
      // verbatim. Confirm the log sink tolerates attacker-chosen text.
      console.log(`CORS! ${origin}`);
      const rejection = new Error("Not allowed by CORS");
      rejection.statusCode = 403;
      return callback(rejection);
    }
    return callback(null, true);
  };
  express.use(cors({ credentials: true, origin: checkOrigin }));

  // HTTP compression
  express.use(compression());

  // Log request
  const isTestRun = process.env.NODE_ENV === "test";
  if (!isTestRun) {
    express.use(logger("short"));
  }

  // Default headers
  express.use((req, res, next) => {
    res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
    return next();
  });
}
/**
 * Configure middleware
 *
 * Registration order: CORS, session, cookie parsing, JSON body parsing.
 */

// NOTE(review): the origin callback approves every Origin while
// `credentials: true` is set, so the server tells browsers that any site may
// send cookie-bearing requests and read the responses. Together with the
// session middleware below, that exposes authenticated responses cross-site.
// Replace the callback with an explicit allow-list (the commented-out
// localhost origin shows the narrower intent) before this leaves development.
app.use(
  cors({
    // origin: `http://localhost:${srvConfig.SERVER_PORT}`,
    origin: (origin, callback) => callback(null, true),
    optionsSuccessStatus: 200,
    credentials: true
  })
);

// NOTE(review): `saveUninitialized: true` stores a session for every visitor,
// and no cookie options are passed, so the session cookie uses the library
// defaults. Confirm secure/sameSite are set where this runs over HTTPS.
app.use(
  session({
    saveUninitialized: true,
    secret: srvConfig.SESSION_SECRET,
    resave: true
  })
);

app.use(cookieParser());
app.use(bodyParser.json());
// CORS allow-list: only origins listed in allowedOrigins are approved.
app.use(
  cors({
    origin: (origin, callback) => {
      // Requests that carry no Origin header (mobile apps, curl requests) are
      // let through. CORS is enforced by browsers, so endpoints still need
      // their own authentication and authorization.
      const hasOrigin = Boolean(origin);
      if (hasOrigin && !allowedOrigins.includes(origin)) {
        const message = "The CORS policy for this site does not allow access from the specified Origin.";
        return callback(new Error(message), false);
      }
      return callback(null, true);
    },
  })
);
// allow cors requests from any origin and with credentials
// NOTE(review): approving every Origin together with `credentials: true`
// means any website a logged-in user visits can make cookie-bearing requests
// to this API and read the responses. Keep this for local development only.
// For deployed environments compare `origin` against an explicit allow-list.
app.use(
  cors({
    origin: (origin, callback) => {
      return callback(null, true);
    },
    credentials: true,
  })
);