Cors #1037
3 changed files with 29 additions and 1 deletions
9
package-lock.json
generated
9
package-lock.json
generated
|
@ -3611,6 +3611,15 @@
|
||||||
"resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
|
"resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
|
||||||
"integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
|
"integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
|
||||||
},
|
},
|
||||||
|
"cors": {
|
||||||
|
"version": "2.8.5",
|
||||||
|
"resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
|
||||||
|
"integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
|
||||||
|
"requires": {
|
||||||
|
"object-assign": "^4",
|
||||||
|
"vary": "^1"
|
||||||
|
}
|
||||||
|
},
|
||||||
"cosmiconfig": {
|
"cosmiconfig": {
|
||||||
"version": "5.0.7",
|
"version": "5.0.7",
|
||||||
"resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-5.0.7.tgz",
|
"resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-5.0.7.tgz",
|
||||||
|
|
|
@ -41,6 +41,7 @@
|
||||||
"body-parser": "^1.18.3",
|
"body-parser": "^1.18.3",
|
||||||
"connect-multiparty": "^2.2.0",
|
"connect-multiparty": "^2.2.0",
|
||||||
"cookie-session": "^2.0.0-beta.3",
|
"cookie-session": "^2.0.0-beta.3",
|
||||||
|
"cors": "^2.8.5",
|
||||||
"express": "^4.16.4",
|
"express": "^4.16.4",
|
||||||
"express-handlebars": "^3.0.0",
|
"express-handlebars": "^3.0.0",
|
||||||
"express-http-context": "^1.2.0",
|
"express-http-context": "^1.2.0",
|
||||||
|
|
|
@ -3,6 +3,7 @@ const express = require('express');
|
||||||
const bodyParser = require('body-parser');
|
const bodyParser = require('body-parser');
|
||||||
const expressHandlebars = require('express-handlebars');
|
const expressHandlebars = require('express-handlebars');
|
||||||
const helmet = require('helmet');
|
const helmet = require('helmet');
|
||||||
|
const cors = require('cors');
|
||||||
const cookieSession = require('cookie-session');
|
const cookieSession = require('cookie-session');
|
||||||
const http = require('http');
|
const http = require('http');
|
||||||
const logger = require('winston');
|
const logger = require('winston');
|
||||||
|
@ -82,7 +83,24 @@ function Server() {
|
||||||
|
|
||||||
// set HTTP headers to protect against well-known web vulnerabilties
|
// set HTTP headers to protect against well-known web vulnerabilties
|
||||||
app.use(helmet());
|
app.use(helmet());
|
||||||
|
// open cors for lbry.tv lbry.tech localhost lbry.com
|
||||||
|
var whitelist = [
|
||||||
|
'https://lbry.com',
|
||||||
|
'https://lbry.tech',
|
||||||
|
'https://lbry.tv',
|
||||||
|
'http://localhost',
|
||||||
|
'http://localhost:1337',
|
||||||
|
];
|
||||||
|
var corsOptions = {
|
||||||
|
origin: function(origin, callback) {
|
||||||
|
if (whitelist.indexOf(origin) !== -1) {
|
||||||
|
callback(null, true);
|
||||||
|
} else {
|
||||||
|
callback(new Error('Not allowed by CORS'));
|
||||||
|
}
|
||||||
|
},
|
||||||
|
};
|
||||||
|
app.use(cors(corsOptions));
|
||||||
// Support per-request http-context
|
// Support per-request http-context
|
||||||
app.use(httpContext.middleware);
|
app.use(httpContext.middleware);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue