ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-10-31 15:53:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix schema issue with cors

Browse Source
This commit is contained in:
Jamie Curnow
2024-10-10 16:31:19 +10:00
parent 4572b205c9
commit 7c97516de6
2 changed files with 10 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/lib/access.js
View File

@@ -268,6 +268,7 @@ module.exports = function (token_string) {
let permissionSchema = { let permissionSchema = {
$async: true, $async: true,
$id: 'permissions', $id: 'permissions',
type: 'object',
additionalProperties: false, additionalProperties: false,
properties: {} properties: {}
}; };
@@ -277,7 +278,6 @@ module.exports = function (token_string) {
const ajv = new Ajv({ const ajv = new Ajv({
verbose: true, verbose: true,
allErrors: true, allErrors: true,
missingRefs: 'fail',
breakOnError: true, breakOnError: true,
coerceTypes: true, coerceTypes: true,
schemas: [ schemas: [

42
backend/lib/express/cors.js
View File

@@ -1,40 +1,16 @@
const validator = require('../validator');
module.exports = function (req, res, next) { module.exports = function (req, res, next) {
if (req.headers.origin) { if (req.headers.origin) {
res.set({
const originSchema = { 'Access-Control-Allow-Origin': req.headers.origin,
oneOf: [ 'Access-Control-Allow-Credentials': true,
{ 'Access-Control-Allow-Methods': 'OPTIONS, GET, POST',
type: 'string', 'Access-Control-Allow-Headers': 'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',
pattern: '^[a-z\\-]+:\\/\\/(?:[\\w\\-\\.]+(:[0-9]+)?/?)?$' 'Access-Control-Max-Age': 5 * 60,
}, 'Access-Control-Expose-Headers': 'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
{ });
type: 'string', next();
pattern: '^[a-z\\-]+:\\/\\/(?:\\[([a-z0-9]{0,4}\\:?)+\\])?/?(:[0-9]+)?$'
}
]
};
// very relaxed validation....
validator(originSchema, req.headers.origin)
.then(function () {
res.set({
'Access-Control-Allow-Origin': req.headers.origin,
'Access-Control-Allow-Credentials': true,
'Access-Control-Allow-Methods': 'OPTIONS, GET, POST',
'Access-Control-Allow-Headers': 'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',
'Access-Control-Max-Age': 5 * 60,
'Access-Control-Expose-Headers': 'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
});
next();
})
.catch(next);
} else { } else {
// No origin // No origin
next(); next();
} }
}; };