|
1 | | -const validator = require('../validator'); |
2 | | - |
3 | 1 | module.exports = function (req, res, next) { |
4 | | - |
5 | 2 | if (req.headers.origin) { |
6 | | - |
7 | | - const originSchema = { |
8 | | - oneOf: [ |
9 | | - { |
10 | | - type: 'string', |
11 | | - pattern: '^[a-z\\-]+:\\/\\/(?:[\\w\\-\\.]+(:[0-9]+)?/?)?$' |
12 | | - }, |
13 | | - { |
14 | | - type: 'string', |
15 | | - pattern: '^[a-z\\-]+:\\/\\/(?:\\[([a-z0-9]{0,4}\\:?)+\\])?/?(:[0-9]+)?$' |
16 | | - } |
17 | | - ] |
18 | | - }; |
19 | | - |
20 | | - // very relaxed validation.... |
21 | | - validator(originSchema, req.headers.origin) |
22 | | - .then(function () { |
23 | | - res.set({ |
24 | | - 'Access-Control-Allow-Origin': req.headers.origin, |
25 | | - 'Access-Control-Allow-Credentials': true, |
26 | | - 'Access-Control-Allow-Methods': 'OPTIONS, GET, POST', |
27 | | - 'Access-Control-Allow-Headers': 'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit', |
28 | | - 'Access-Control-Max-Age': 5 * 60, |
29 | | - 'Access-Control-Expose-Headers': 'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit' |
30 | | - }); |
31 | | - next(); |
32 | | - }) |
33 | | - .catch(next); |
34 | | - |
| 3 | + res.set({ |
| 4 | + 'Access-Control-Allow-Origin': req.headers.origin, |
| 5 | + 'Access-Control-Allow-Credentials': true, |
| 6 | + 'Access-Control-Allow-Methods': 'OPTIONS, GET, POST', |
| 7 | + 'Access-Control-Allow-Headers': 'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit', |
| 8 | + 'Access-Control-Max-Age': 5 * 60, |
| 9 | + 'Access-Control-Expose-Headers': 'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit' |
| 10 | + }); |
| 11 | + next(); |
35 | 12 | } else { |
36 | 13 | // No origin |
37 | 14 | next(); |
38 | 15 | } |
39 | | - |
40 | 16 | }; |
0 commit comments