fix: ensure non-* CORS origin header is set if no req headers sent

2021-01-14 12:10:45 +01:00 · 2021-01-14 12:10:45 +01:00 · c970c74a2b
commit c970c74a2b
parent cc4a6ce1b9
1 changed files with 1 additions and 1 deletions
--- a/src/index.ts
+++ b/src/index.ts
@ -24,7 +24,7 @@ const io = socketIO(server, {
  handlePreflightRequest: function (req, res) {
    var headers = {
      "Access-Control-Allow-Headers": "Content-Type, Authorization",
-      "Access-Control-Allow-Origin": req.header ? req.header.origin : "*",
+      "Access-Control-Allow-Origin": req.header ? req.header.origin : "https://excalidraw.com",
      "Access-Control-Allow-Credentials": true,
    };
    res.writeHead(200, headers);