Make cors middleware more generic and link it just to application level
This commit is contained in:
parent
5cd073c96f
commit
462ba62656
@ -1,7 +1,6 @@
|
||||
const windshaft = require('windshaft');
|
||||
const MapConfig = windshaft.model.MapConfig;
|
||||
const Datasource = windshaft.model.Datasource;
|
||||
const cors = require('../../middleware/cors');
|
||||
const cleanUpQueryParams = require('../../middleware/clean-up-query-params');
|
||||
const credentials = require('../../middleware/credentials');
|
||||
const dbConnSetup = require('../../middleware/db-conn-setup');
|
||||
@ -66,9 +65,9 @@ function AnonymousMapController (
|
||||
module.exports = AnonymousMapController;
|
||||
|
||||
AnonymousMapController.prototype.register = function (mapRouter) {
|
||||
mapRouter.options('/');
|
||||
mapRouter.get('/', this.composeCreateMapMiddleware());
|
||||
mapRouter.post('/', this.composeCreateMapMiddleware());
|
||||
mapRouter.options('/', cors('Content-Type'));
|
||||
};
|
||||
|
||||
AnonymousMapController.prototype.composeCreateMapMiddleware = function () {
|
||||
|
@ -1,5 +1,4 @@
|
||||
const { templateName } = require('../../backends/template_maps');
|
||||
const cors = require('../../middleware/cors');
|
||||
const credentials = require('../../middleware/credentials');
|
||||
const rateLimit = require('../../middleware/rate-limit');
|
||||
const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimit;
|
||||
@ -20,6 +19,8 @@ function AdminTemplateController(authApi, templateMaps, userLimitsApi) {
|
||||
module.exports = AdminTemplateController;
|
||||
|
||||
AdminTemplateController.prototype.register = function (templateRouter) {
|
||||
templateRouter.options(`/:template_id`);
|
||||
|
||||
templateRouter.post(
|
||||
`/`,
|
||||
credentials(),
|
||||
@ -66,8 +67,6 @@ AdminTemplateController.prototype.register = function (templateRouter) {
|
||||
listTemplates({ templateMaps: this.templateMaps }),
|
||||
sendResponse()
|
||||
);
|
||||
|
||||
templateRouter.options(`/:template_id`, cors('Content-Type'));
|
||||
};
|
||||
|
||||
function checkContentType ({ action, label }) {
|
||||
|
@ -1,13 +1,17 @@
|
||||
module.exports = function cors (extraHeaders) {
|
||||
module.exports = function cors () {
|
||||
return function corsMiddleware (req, res, next) {
|
||||
let baseHeaders = "X-Requested-With, X-Prototype-Version, X-CSRF-Token";
|
||||
const headers = [
|
||||
'X-Requested-With',
|
||||
'X-Prototype-Version',
|
||||
'X-CSRF-Token'
|
||||
];
|
||||
|
||||
if(extraHeaders) {
|
||||
baseHeaders += ", " + extraHeaders;
|
||||
if (req.method === 'OPTIONS') {
|
||||
headers.push('Content-Type');
|
||||
}
|
||||
|
||||
res.set("Access-Control-Allow-Origin", "*");
|
||||
res.set("Access-Control-Allow-Headers", baseHeaders);
|
||||
res.set("Access-Control-Allow-Headers", headers.join(', '));
|
||||
|
||||
next();
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user