mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-01-06 10:27:28 -08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
n8n/packages/cli/src/middlewares/cors.ts

21 lines
621 B
TypeScript
Raw Normal View History

fix: Upgrade sse-channel to mitigate CVE-2019-10744 (#4835) sse-channel 4 removed CORS support, that's why we need to handle CORS for `/push` ourselves now.
2022-12-07 06:13:36 -08:00
import type { RequestHandler } from 'express';
export const corsMiddleware: RequestHandler = (req, res, next) => {
refactor: Delete a lot of unused and duplicate code in Server and WebhookServer (#5080) * store n8n version string in a const and use that everywhere * reduce code duplication between Server and WebhookServer * unify redis checks * fix linting
2023-01-04 02:38:48 -08:00
if ('origin' in req.headers) {
fix: Upgrade sse-channel to mitigate CVE-2019-10744 (#4835) sse-channel 4 removed CORS support, that's why we need to handle CORS for `/push` ourselves now.
2022-12-07 06:13:36 -08:00
// Allow access also from frontend when developing
res.header('Access-Control-Allow-Origin', req.headers.origin);
res.header('Access-Control-Allow-Credentials', 'true');
res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
res.header(
'Access-Control-Allow-Headers',
'Origin, X-Requested-With, Content-Type, Accept, sessionid',
);
}
fix(core): CORS middleware should not process the entire handler chain on OPTIONS requests (no-changelog) (#5368) fix(core): CORS middleware should not process the entire handler chain on OPTIONS requests
2023-02-06 03:43:50 -08:00
if (req.method === 'OPTIONS') {
res.writeHead(204).end();
} else {
next();
}
fix: Upgrade sse-channel to mitigate CVE-2019-10744 (#4835) sse-channel 4 removed CORS support, that's why we need to handle CORS for `/push` ourselves now.
2022-12-07 06:13:36 -08:00
};
Reference in a new issue Copy permalink