
Securised CORS

Brendan Abolivier 8 years ago
parent
commit
77b12b5cfc
Signed by: Brendan Abolivier <contact@brendanabolivier.com> GPG key ID: 8EF1500759F70623
2 changed files with 5 additions and 5 deletions
  1. 2
    3
      server.js
  2. 3
    2
      settings.example.json

+ 2
- 3
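--- a/server.js
+++ b/server.js
@@ -31,10 +31,9 @@
 app.use(bodyParser.json());
 
 
-// Allow cross-origin requests. Wildcard for now, we'll see if we can improve
-// that.
+// Allow cross-origin requests.
 app.all('/*', function(req, res, next) {
-    res.header('Access-Control-Allow-Origin', '*');
+    res.header('Access-Control-Allow-Origin', settings.formUrl);
     res.header('Access-Control-Allow-Headers', 'Content-Type')
     next();
 });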
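Review bot: `settings.formUrl` is sent verbatim as `Access-Control-Allow-Origin` in the `app.all('/*', …)` handler, but the example value this commit adds to settings.example.json (`https://example.tld/contact`) carries a path, while browsers compare the header against the request's `Origin`, which is scheme, host and port only. A value with a path would never match, so the browser would likely block the form's cross-origin calls. Reduce the setting to its origin before sending it, e.g. `res.header('Access-Control-Allow-Origin', new URL(settings.formUrl).origin);`, or document that `formUrl` must be a bare origin. The shortened comment could also say that CORS only limits what a browser lets another page read and is not an access control on the endpoint, so non-browser clients can still post to it.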

+ 3
- 2
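--- a/settings.example.json
+++ b/settings.example.json
@@ -5,12 +5,13 @@
         "port": 465,
         "secure": true,
         "auth": {
-            "user": "noreply@noreply.tld",
+            "user": "noreply@example.tld",
             "pass": "hackme"
         }
     },
     "recipients": [
         "you@example.tld",
         "someone.else@example.com"
-    ]
+    ],
+    "formUrl": "https://example.tld/contact"
 }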