Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-16 15:30:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
wekan/server/cors.js
Lauri Ojansivu f26d582018 Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions. 
Thanks to Siam Thanat Hack (STH) !
2025-11-02 09:11:50 +02:00

35 lines
1.1 KiB
JavaScript
Raw Blame History

Meteor.startup(() => {
// Optional: Set Permissions-Policy only if explicitly provided to avoid browser warnings about unrecognized features
if (process.env.PERMISSIONS_POLICY && process.env.PERMISSIONS_POLICY.trim() !== '') {
WebApp.rawConnectHandlers.use(function(req, res, next) {
res.setHeader('Permissions-Policy', process.env.PERMISSIONS_POLICY);
return next();
});
}
if (process.env.CORS) {
// Listen to incoming HTTP requests, can only be used on the server
WebApp.rawConnectHandlers.use(function(req, res, next) {
res.setHeader('Access-Control-Allow-Origin', process.env.CORS);
return next();
});
}
if (process.env.CORS_ALLOW_HEADERS) {
WebApp.rawConnectHandlers.use(function(req, res, next) {
res.setHeader(
'Access-Control-Allow-Headers',
process.env.CORS_ALLOW_HEADERS,
);
return next();
});
}
if (process.env.CORS_EXPOSE_HEADERS) {
WebApp.rawConnectHandlers.use(function(req, res, next) {
res.setHeader(
'Access-Control-Expose-Headers',
process.env.CORS_EXPOSE_HEADERS,
);
return next();
});
}
});
Reference in a new issue View git blame Copy permalink