admin管理员组

文章数量:1325522

Something is off with my setup. I'm wondering if it is how I defined my list of allowed origins in my .env file.

In my .env file i have a list of trusted subdomains:

// .env file
ALLOWED_ORIGINS=http://localhost:3001, http://localhost:3000, ,

in my server.ts file I am trying to set origins to the value from my .env file, see the line origins: allowedOrigins. It was previously set to origins: ['*']

// server.ts file

export default createServer = (container) => {
  const env = process.env.NODE_ENV
  const allowedOrigins = process.env.ALLOWED_ORIGINS || ''

  const cors = Cors({
    origins: allowedOrigins,
    allowedHeaders: [
      'access-control-allow-origin',
      'authorization',
      'Pragma',
      'contact',
    ],
    exposeHeaders: []
  })
}

Something is off with my setup. I'm wondering if it is how I defined my list of allowed origins in my .env file.

In my .env file i have a list of trusted subdomains:

// .env file
ALLOWED_ORIGINS=http://localhost:3001, http://localhost:3000, https://wwww.site1., https://www.site2.

in my server.ts file I am trying to set origins to the value from my .env file, see the line origins: allowedOrigins. It was previously set to origins: ['*']

// server.ts file

export default createServer = (container) => {
  const env = process.env.NODE_ENV
  const allowedOrigins = process.env.ALLOWED_ORIGINS || ''

  const cors = Cors({
    origins: allowedOrigins,
    allowedHeaders: [
      'access-control-allow-origin',
      'authorization',
      'Pragma',
      'contact',
    ],
    exposeHeaders: []
  })
}
  • javascript
  • node.js
  • security
  • cors
Share Improve this question asked Jul 12, 2021 at 17:23 ghostagent151ghostagent151 1,4363 gold badges20 silver badges40 bronze badges 1
  • 1 And what exactly is "off"? Did you check what value you're actually setting origins to? – jonrsharpe Commented Jul 12, 2021 at 17:25
Add a ment  | 

2 Answers 2

Reset to default 5

I checked the cors npm page, the origins option does not accept multiple origins in a ma-separated string. It accepts an array instead.

You can split your environment variable by "," to have the desired format. In the code below, I added the .trim() method to cut down unnecessaries spaces in the string.

// server.ts file

export default createServer = (container) => {
  const env = process.env.NODE_ENV
  const allowedOrigins = process.env.ALLOWED_ORIGINS || ''
  const allowedOriginsArray = allowedOrigins.split(",").map(item => item.trim());

  const cors = Cors({
    origins: allowedOriginsArray,
    allowedHeaders: [
      'access-control-allow-origin',
      'authorization',
      'Pragma',
      'contact',
    ],
    exposeHeaders: []
  })
}

You just have to split them by ma

const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",") || '';

Also,

I believe it is just origin and not origins

For the below, allowedOrigins must be an array. so you just map and return an array

const allowedOrigins = process.env.ALLOWED_ORIGINS.split(',').map(origin=>origin);

const cors = Cors({
    origin: (origin, callback) => {
        allowedOrigins.includes(origin) ? callback(null, true) : callback(new Error('Not allowed by CORS'))
    },
    allowedHeaders: [
      'access-control-allow-origin',
      'authorization',
      'Pragma',
      'contact',
    ],
    exposeHeaders: []
  })
}

Ref:- https://www.npmjs./package/cors

本文标签:

版权声明:本文标题:I'm trying to set my cors origins value to a list of trusted subdomains, using node.js and javascript - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742195598a2431021.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。