Changes to more strict origin policy.

2017-06-03 11:17:09 +02:00
parent 21c40e9b34
commit d05aa13c39
1 changed files with 7 additions and 3 deletions
--- a/src/webserver/app.js
+++ b/src/webserver/app.js
@@ -8,14 +8,18 @@ var bodyParser = require('body-parser');
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: true }));

-var port = 31459;        // set our port

+var port = 31459;        // set our port
 var router = express.Router();
+var allowedOrigins = ['https://kevinmidboe.com', 'http://localhost:8080']
+

 router.use(function(req, res, next) {
-    // do logging
    console.log('Something is happening.');
-	res.setHeader('Access-Control-Allow-Origin', 'https://kevinmidboe.com');
+    var origin = req.headers.origin;
+    if (allowedOrigins.indexOf(origin) > -1) {
+		res.setHeader('Access-Control-Allow-Origin', origin);
+	}
    next();
 });