@azteam/express 1.2.249 → 1.2.251

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/Server.js +13 -13
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@azteam/express",
3
- "version": "1.2.249",
3
+ "version": "1.2.251",
4
4
  "main": "src/index.js",
5
5
  "engines": {
6
6
  "node": ">= 12.0.0",
package/src/Server.js CHANGED
@@ -149,22 +149,22 @@ class Server {
149
149
  app.use(cookieParser(process.env.SECRET_KEY));
150
150
 
151
151
  app.use(
152
- cors({
153
- allowedHeaders: ['Authorization', 'x-app-secret'],
154
- credentials: true,
155
- origin(origin, callback) {
152
+ cors(function (req, callback) {
153
+ const origin = req.header('Origin');
154
+ const authorization = req.header('Authorization');
155
+
156
+ let error = null;
157
+
158
+ if (!authorization) {
156
159
  if (!origin) {
157
- if (isAllowEmptyOrigin) {
158
- callback(null, true);
159
- } else {
160
- callback(new ErrorException(CORS, `${origin} Not allowed by CORS`));
160
+ if (!isAllowEmptyOrigin) {
161
+ error = new ErrorException(CORS, `Not allowed by CORS`);
161
162
  }
162
- } else if (!WHITE_LIST.length || WHITE_LIST.some((re) => origin.endsWith(re))) {
163
- callback(null, true);
164
- } else {
165
- callback(new ErrorException(CORS, `${origin} Not allowed by CORS`));
163
+ } else if (!WHITE_LIST.some((re) => origin.endsWith(re))) {
164
+ error = new ErrorException(CORS, `${origin} Not allowed by CORS`);
166
165
  }
167
- },
166
+ }
167
+ callback(error, true);
168
168
  })
169
169
  );
170
170