mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-20 15:36:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

openapi: disable cors headers for /api/** paths

Browse source 
Still enabled for /rest/** and **/openapi.json
This commit is contained in:
Viljami Kuosmanen 2020-03-30 03:52:25 +02:00 committed by muxator
parent 6aa30f213a
commit 3742fdfb04
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/node/hooks/express/openapi.js
View file

@ -556,6 +556,7 @@ exports.expressCreateServer = async (_, args) => {
// serve version specific openapi definition // serve version specific openapi definition
app.get(`${apiRoot}/openapi.json`, (req, res) => { app.get(`${apiRoot}/openapi.json`, (req, res) => {
// For openapi definitions, wide CORS is probably fine
res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Origin', '*');
res.json({ ...definition, servers: [generateServerForApiVersion(apiRoot, req)] }); res.json({ ...definition, servers: [generateServerForApiVersion(apiRoot, req)] });
}); });
@ -640,8 +641,11 @@ exports.expressCreateServer = async (_, args) => {
api.init(); api.init();
app.use(apiRoot, async (req, res) => { app.use(apiRoot, async (req, res) => {
try { try {
// allow cors if (style === APIPathStyle.REST) {
// @TODO: Don't allow CORS from everywhere
// This is purely to maintain compatibility with old swagger-node-express
res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Origin', '*');
}
await api.handleRequest(req, req, res); await api.handleRequest(req, req, res);
} catch (err) { } catch (err) {
if (err.name == 'apierror') { if (err.name == 'apierror') {