mirror of
https://github.com/Unleash/unleash.git
synced 2024-11-01 19:07:38 +01:00
42d64c8803
* feat: add CORS instance settings * refactor: disallow arbitrary asterisks in CORS origins
25 lines
549 B
TypeScript
25 lines
549 B
TypeScript
export const validateOrigin = (origin: string): boolean => {
|
|
if (origin === '*') {
|
|
return true;
|
|
}
|
|
|
|
if (origin?.includes('*')) {
|
|
return false;
|
|
}
|
|
|
|
try {
|
|
const parsed = new URL(origin);
|
|
return parsed.origin && parsed.origin === origin;
|
|
} catch {
|
|
return false;
|
|
}
|
|
};
|
|
|
|
export const validateOrigins = (origins: string[]): string | undefined => {
|
|
for (const origin of origins) {
|
|
if (!validateOrigin(origin)) {
|
|
return `Invalid origin: ${origin}`;
|
|
}
|
|
}
|
|
};
|