nginx-proxy-manager/backend/lib/express/cors.js

const validator = require('../validator');

module.exports = function (req, res, next) {

	if (req.headers.origin) {

		// very relaxed validation....
		validator({
			type:    'string',
			pattern: '^[a-z\\-]+:\\/\\/(?:[\\w\\-\\.]+(:[0-9]+)?/?)?$'
		}, req.headers.origin)
			.then(function () {
				res.set({
					'Access-Control-Allow-Origin':      req.headers.origin,
					'Access-Control-Allow-Credentials': true,
					'Access-Control-Allow-Methods':     'OPTIONS, GET, POST',
					'Access-Control-Allow-Headers':     'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',
					'Access-Control-Max-Age':           5 * 60,
					'Access-Control-Expose-Headers':    'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
				});
				next();
			})
			.catch(next);

	} else {
		// No origin
		next();
	}

};
v2.1.0 (#293) * Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com> 2020-02-18 23:55:06 -05:00			`const validator = require('../validator');`

			`module.exports = function (req, res, next) {`

			`if (req.headers.origin) {`

			`// very relaxed validation....`
			`validator({`
			`type: 'string',`
			`pattern: '^[a-z\\-]+:\\/\\/(?:[\\w\\-\\.]+(:[0-9]+)?/?)?$'`
			`}, req.headers.origin)`
			`.then(function () {`
			`res.set({`
			`'Access-Control-Allow-Origin': req.headers.origin,`
			`'Access-Control-Allow-Credentials': true,`
			`'Access-Control-Allow-Methods': 'OPTIONS, GET, POST',`
			`'Access-Control-Allow-Headers': 'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',`
			`'Access-Control-Max-Age': 5 * 60,`
			`'Access-Control-Expose-Headers': 'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'`
			`});`
			`next();`
			`})`
			`.catch(next);`

			`} else {`
			`// No origin`
			`next();`
			`}`

			`};`