npm - tkserver - Versions diffs - 1.6.40 → 1.6.42 - Mend

tkserver 1.6.40 → 1.6.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/mongo.js +15 -6
package/package.json +2 -2

package/mongo.js CHANGED Viewed

@@ -181,13 +181,22 @@ function allowCors (request, response) {
 function getAllowedOrigin (request) {
   const localhostRegex = /^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0)(:\d{1,5})?$/
-  if (localhostRegex.test(request.headers.origin)) {
-    return request.headers.origin
-  } else if (config.CORS_ALLOW_ORIGIN) {
-    // 许多用户设置安全域名时，喜欢带结尾的 "/"，必须处理掉
-    return config.CORS_ALLOW_ORIGIN.replace(/\/$/, '')
+  if (localhostRegex.test(request.headers.origin)) { // 判断是否为本地主机，如是则允许跨域
+    return request.headers.origin // Allow
+  } else if (config.CORS_ALLOW_ORIGIN) { // 如设置了安全域名则检查
+    // 适配多条 CORS 规则
+    // 以逗号分隔 CORS
+    const corsList = config.CORS_ALLOW_ORIGIN.split(',')
+    // 遍历 CORS 列表
+    for (let i = 0; i < corsList.length; i++) {
+      const cors = corsList[i].replace(/\/$/, '') // 获取当前 CORS 并去除末尾的斜杠
+      if (cors === request.headers.origin) {
+        return request.headers.origin // Allow
+      }
+    }
+    return '' // 不在安全域名列表中则禁止跨域
   } else {
-    return request.headers.origin
+    return request.headers.origin // 未设置安全域名直接 Allow
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "tkserver",
-  "version": "1.6.40",
+  "version": "1.6.42",
   "description": "A simple comment system.",
   "keywords": [
     "twikoo",
@@ -31,7 +31,7 @@
     "get-user-ip": "^1.0.1",
     "lokijs": "^1.5.12",
     "mongodb": "^6.3.0",
-    "twikoo-func": "1.6.40",
+    "twikoo-func": "1.6.42",
     "uuid": "^8.3.2"
   }
 }