
Securised CORS

Brendan Abolivier 8 年之前
父節點
當前提交
77b12b5cfc
簽署人: Brendan Abolivier <contact@brendanabolivier.com> GPG 金鑰 ID: 8EF1500759F70623
共有 2 個文件被更改,包括 5 次插入5 次删除
  1. 2
    3
      server.js
  2. 3
    2
      settings.example.json

+ 2
- 3
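--- a/server.js
+++ b/server.js
@@ -31,10 +31,9 @@ app.use(bodyParser.urlencoded({ extended: true }));
 app.use(bodyParser.json());
 
 
-// Allow cross-origin requests. Wildcard for now, we'll see if we can improve
-// that.
+// Allow cross-origin requests.
 app.all('/*', function(req, res, next) {
-    res.header('Access-Control-Allow-Origin', '*');
+    res.header('Access-Control-Allow-Origin', settings.formUrl);
     res.header('Access-Control-Allow-Headers', 'Content-Type')
     next();
 });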
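Review bot: The `Access-Control-Allow-Origin` value set in the `app.all('/*', …)` handler has to be a bare origin (scheme, host, optional port), but `settings.formUrl` is shown in settings.example.json as `https://example.tld/contact`, a full URL with a path. Browsers compare the header with the request's `Origin` exactly, so a value carrying `/contact` never matches and the CORS check would fail for the form page. Consider reducing it once at startup, e.g. `const allowedOrigin = new URL(settings.formUrl).origin;` followed by `res.header('Access-Control-Allow-Origin', allowedOrigin);`, assuming the `URL` class is available in the Node version this targets. The comment above the handler could also say that CORS only limits what browsers expose to other origins; it does not stop non-browser clients from posting to the endpoint, so server-side validation and rate limiting are still needed.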

+ 3
- 2
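--- a/settings.example.json
+++ b/settings.example.json
@@ -5,12 +5,13 @@
         "port": 465,
         "secure": true,
         "auth": {
-            "user": "noreply@noreply.tld",
+            "user": "noreply@example.tld",
             "pass": "hackme"
         }
     },
     "recipients": [
         "you@example.tld",
         "someone.else@example.com"
-    ]
+    ],
+    "formUrl": "https://example.tld/contact"
 }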