Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-27 21:39:16 -05:00
Code Issues Activity

fix(core): allow localhost CORS when only one endpoint available

Browse source
This commit is contained in:
Gao Sun 2023-02-26 14:59:31 +08:00
parent 89715baaa6
commit 54512c2603
No known key found for this signature in database
GPG key ID: 13EBE123E4773688
1 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
packages/core/src/middleware/koa-cors.ts
View file

@ -13,14 +13,22 @@ export default function koaCors<StateT, ContextT, ResponseBodyT>(
if ( if (
origin && origin &&
urlSets.some((set) => urlSets.some((set) => {
set.deduplicated().some( const deduplicated = set.deduplicated();
// The URL Set has only one endpoint available, just use that endpoint.
if (deduplicated.length <= 1) {
return deduplicated.some((url) => url.origin === origin);
}
// For multiple endpoints, should filter out localhost in production.
return deduplicated.some(
(url) => (url) =>
url.origin === origin && url.origin === origin &&
// Disable localhost CORS in production since it's unsafe // Disable localhost CORS in production since it's unsafe
!(EnvSet.values.isProduction && url.hostname === 'localhost') !(EnvSet.values.isProduction && url.hostname === 'localhost')
) );
) })
) { ) {
return origin; return origin;
} }