summary refs log tree commit diff
path: root/src/api/middlewares/CORS.ts
diff options
context:
space:
mode:
authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-09-25 18:24:21 +1000
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-09-25 23:35:18 +1000
commitf44f5d7ac2d24ff836c2e1d4b2fa58da04b13052 (patch)
treea6655c41bb3db79c30fd876b06ee60fe9cf70c9b /src/api/middlewares/CORS.ts
parentAllow edited_timestamp to passthrough in handleMessage (diff)
downloadserver-f44f5d7ac2d24ff836c2e1d4b2fa58da04b13052.tar.xz
Refactor to mono-repo + upgrade packages
Diffstat (limited to 'src/api/middlewares/CORS.ts')
-rw-r--r--src/api/middlewares/CORS.ts16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/api/middlewares/CORS.ts b/src/api/middlewares/CORS.ts
new file mode 100644

index 00000000..20260cf9 --- /dev/null +++ b/src/api/middlewares/CORS.ts
@@ -0,0 +1,16 @@ +import { NextFunction, Request, Response } from "express"; + +// TODO: config settings + +export function CORS(req: Request, res: Response, next: NextFunction) { + res.set("Access-Control-Allow-Origin", "*"); + // TODO: use better CSP + res.set( + "Content-security-policy", + "default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';" + ); + res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*"); + res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Methods") || "*"); + + next(); +}