From e6e4f297c697c3371743bc1e1b2524235c4aea19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?= Date: Mon, 26 Sep 2022 15:15:44 +0200 Subject: [PATCH] fix(cli): Disable CORS on SSE connections in production (#4190) --- packages/cli/src/Push.ts | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/packages/cli/src/Push.ts b/packages/cli/src/Push.ts index d5cc3babda..e8da271028 100644 --- a/packages/cli/src/Push.ts +++ b/packages/cli/src/Push.ts @@ -1,13 +1,16 @@ -/* eslint-disable @typescript-eslint/no-unsafe-call */ -/* eslint-disable @typescript-eslint/no-unsafe-member-access */ // @ts-ignore import sseChannel from 'sse-channel'; import express from 'express'; import { LoggerProxy as Logger } from 'n8n-workflow'; -// eslint-disable-next-line import/no-cycle import { IPushData, IPushDataType } from '.'; +interface SSEChannelOptions { + cors?: { + origins: string[]; + }; +} + export class Push { private channel: sseChannel; @@ -16,13 +19,16 @@ export class Push { } = {}; constructor() { - // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, new-cap - this.channel = new sseChannel({ - cors: { + const options: SSEChannelOptions = {}; + if (process.env.NODE_ENV !== 'production') { + options.cors = { // Allow access also from frontend when developing origins: ['http://localhost:8080'], - }, - }); + }; + } + + // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call + this.channel = new sseChannel(options); // eslint-disable-next-line @typescript-eslint/no-unsafe-call this.channel.on('disconnect', (channel: string, res: express.Response) => {