feat(api-server): CORS supports wildcard
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz committed May 19, 2020
1 parent f3061ad commit b4b0f83
Showing 2 changed files with 5 additions and 2 deletions.
@@ -110,10 +110,11 @@ export class ApiServer {
createCorsMiddleware(): RequestHandler {
const apiCorsDomainCsv = this.options.config.get('apiCorsDomainCsv');
const allowedDomains = apiCorsDomainCsv.split(',');
const allDomainsAllowed = allowedDomains.includes('*');

const corsOptions: CorsOptions = {
origin: (origin: string | undefined, callback) => {
if (origin && allowedDomains.indexOf(origin) !== -1) {
if (allDomainsAllowed || origin && allowedDomains.indexOf(origin) !== -1) {
callback(null, true);
} else {
callback(new Error(`CORS not allowed for Origin "${origin}".`));
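Review bot: The new `allDomainsAllowed` branch on the `if` line calls `callback(null, true)` for every request, which, as far as I know the `cors` package, echoes the caller's Origin back instead of sending a literal `*`. If `corsOptions` also enables credentials further down (outside this hunk), any website could then make authenticated cross-origin calls to the API. I would record that constraint above the flag, e.g. `// '*' accepts every Origin; never combine with credentials: true`, and log a warning at startup whenever the wildcard is active. The exact-match `includes('*')` also misses an entry written as `" *"`, because the CSV is split without trimming. The mixed `||`/`&&` condition is easier to audit parenthesised: `if (allDomainsAllowed || (origin && allowedDomains.includes(origin))) {`.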
@@ -100,7 +100,9 @@ export class ConfigService {
default: 4000,
},
apiCorsDomainCsv: {
doc: 'The Comma seperated list of domains to allow Cross Origin Resource Sharing from when serving API requests.',
doc: 'The Comma seperated list of domains to allow Cross Origin Resource Sharing from when ' +
'serving API requests. The wildcard (*) character is supported to allow CORS for any and all domains, ' +
'however using it is not recommended unless you are developing or demonstrating something with BIF.',
format: '*',
env: 'API_CORS_DOMAIN_CSV',
arg: 'api-cors-domain-csv',
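Review bot: The extended `doc` string still calls the entries "domains", but the middleware in the other file compares each entry against the full Origin header, so a bare `example.com` would never match and an operator may fall back to `*` to get things working. I would say so in the text, e.g. `'Comma separated list of origins (scheme://host[:port]) to allow Cross Origin Resource Sharing from ...'`, which also fixes the "seperated" typo carried into the new string. The "not recommended" advice is documentation only: the `format: '*'` line accepts any value, so nothing stops the wildcard from reaching a production deployment.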
