diff options
| author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-08-22 22:18:59 +1000 |
|---|---|---|
| committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-08-22 22:18:59 +1000 |
| commit | 0cd9a46eea260c299db2e2983f7214ab8b119d29 (patch) | |
| tree | 5fbb98e7adcfeab81594732089474afdde5893f9 /src/api/middlewares/CORS.ts | |
| parent | Merge branch 'master' into feat/captchaVerify (diff) | |
| parent | Merge remote-tracking branch 'Puyodead1/patch/prettier-config' into staging (diff) | |
| download | server-0cd9a46eea260c299db2e2983f7214ab8b119d29.tar.xz | |
Merge remote-tracking branch 'upstream/staging' into feat/captchaVerify
Diffstat (limited to 'src/api/middlewares/CORS.ts')
| -rw-r--r-- | src/api/middlewares/CORS.ts | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/api/middlewares/CORS.ts b/src/api/middlewares/CORS.ts new file mode 100644 index 00000000..20260cf9 --- /dev/null +++ b/src/api/middlewares/CORS.ts @@ -0,0 +1,16 @@ +import { NextFunction, Request, Response } from "express"; + +// TODO: config settings + +export function CORS(req: Request, res: Response, next: NextFunction) { + res.set("Access-Control-Allow-Origin", "*"); + // TODO: use better CSP + res.set( + "Content-security-policy", + "default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';" + ); + res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*"); + res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Methods") || "*"); + + next(); +} |