@azteam/express 1.2.249 → 1.2.250

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/Server.js +17 -14
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@azteam/express",
3
- "version": "1.2.249",
3
+ "version": "1.2.250",
4
4
  "main": "src/index.js",
5
5
  "engines": {
6
6
  "node": ">= 12.0.0",
package/src/Server.js CHANGED
@@ -149,22 +149,25 @@ class Server {
149
149
  app.use(cookieParser(process.env.SECRET_KEY));
150
150
 
151
151
  app.use(
152
- cors({
153
- allowedHeaders: ['Authorization', 'x-app-secret'],
154
- credentials: true,
155
- origin(origin, callback) {
156
- if (!origin) {
157
- if (isAllowEmptyOrigin) {
158
- callback(null, true);
159
- } else {
160
- callback(new ErrorException(CORS, `${origin} Not allowed by CORS`));
152
+ cors(function (req, callback) {
153
+ {
154
+ const origin = req.header('Origin');
155
+ const authorization = req.header('Authorization');
156
+
157
+ let error = null;
158
+
159
+ if (!authorization) {
160
+ if (!origin) {
161
+ if (!isAllowEmptyOrigin) {
162
+ error = new ErrorException(CORS, `Not allowed by CORS`);
163
+ }
164
+ } else if (!WHITE_LIST.some((re) => origin.endsWith(re))) {
165
+ error = new ErrorException(CORS, `${origin} Not allowed by CORS`);
161
166
  }
162
- } else if (!WHITE_LIST.length || WHITE_LIST.some((re) => origin.endsWith(re))) {
163
- callback(null, true);
164
- } else {
165
- callback(new ErrorException(CORS, `${origin} Not allowed by CORS`));
166
167
  }
167
- },
168
+
169
+ callback(error, true);
170
+ }
168
171
  })
169
172
  );
170
173