freeCodeCamp/api-server/server/middlewares/constant-headers.js

import { homeLocation } from '../../../config/env';
import { allowedOrigins } from '../../../config/cors-settings';

export default function constantHeaders() {
  return function(req, res, next) {
    if (
      req.headers &&
      req.headers.origin &&
      allowedOrigins.includes(req.headers.origin)
    ) {
      res.header('Access-Control-Allow-Origin', req.headers.origin);
    } else {
      res.header('Access-Control-Allow-Origin', homeLocation);
    }
    res.header('Access-Control-Allow-Credentials', true);
    res.header(
      'Access-Control-Allow-Headers',
      'Origin, X-Requested-With, Content-Type, Accept'
    );
    next();
  };
}
fix(server,client): CORS is a real nightmare 2019-08-15 14:42:30 +05:30			`import { homeLocation } from '../../../config/env';`
fix: negative sentiment → neutral language (#39522) The existing terminology carries negative sentiment that can be interpreted in a racial or sense. Updating the name to have no potential for such a connection. Co-authored-by: Justin Rogers <justrog@gmail.com> 2020-09-07 11:04:44 +05:30			`import { allowedOrigins } from '../../../config/cors-settings';`
fix(server,client): CORS is a real nightmare 2019-08-15 14:42:30 +05:30
use (LMP)loopback middleware phases bump loopback-component-passport which uses LMP move custom middlewares to middlewares directory 2015-08-04 01:25:34 -07:00			`export default function constantHeaders() {`
			`return function(req, res, next) {`
fix: add pass thru for some subdomains (#38315) * fix: add passthru for some subdomains * fix: export whitelist correctly 2020-03-03 20:32:04 +05:30			`if (`
			`req.headers &&`
			`req.headers.origin &&`
fix: negative sentiment → neutral language (#39522) The existing terminology carries negative sentiment that can be interpreted in a racial or sense. Updating the name to have no potential for such a connection. Co-authored-by: Justin Rogers <justrog@gmail.com> 2020-09-07 11:04:44 +05:30			`allowedOrigins.includes(req.headers.origin)`
fix: add pass thru for some subdomains (#38315) * fix: add passthru for some subdomains * fix: export whitelist correctly 2020-03-03 20:32:04 +05:30			`) {`
			`res.header('Access-Control-Allow-Origin', req.headers.origin);`
			`} else {`
			`res.header('Access-Control-Allow-Origin', homeLocation);`
			`}`
fix(server,client): CORS is a real nightmare 2019-08-15 14:42:30 +05:30			`res.header('Access-Control-Allow-Credentials', true);`
feat: Use prettier-eslint to format code 2019-02-18 19:32:49 +00:00			`res.header(`
			`'Access-Control-Allow-Headers',`
use (LMP)loopback middleware phases bump loopback-component-passport which uses LMP move custom middlewares to middlewares directory 2015-08-04 01:25:34 -07:00			`'Origin, X-Requested-With, Content-Type, Accept'`
			`);`
			`next();`
			`};`
			`}`