From c970c74a2b182ea2477291b3b54124585933ce1f Mon Sep 17 00:00:00 2001
From: dwelle
Date: Thu, 14 Jan 2021 12:10:45 +0100
Subject: [PATCH 1/3] fix: ensure non-* CORS origin header is set if no req headers sent
---
 src/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/index.ts b/src/index.ts
index 01ba520..c6084e0 100755
--- a/src/index.ts
+++ b/src/index.ts
@@ -24,7 +24,7 @@ const io = socketIO(server, {
 handlePreflightRequest: function (req, res) {
 var headers = {
 "Access-Control-Allow-Headers": "Content-Type, Authorization",
- "Access-Control-Allow-Origin": req.header ? req.header.origin : "*",
+ "Access-Control-Allow-Origin": req.header ? req.header.origin : "https://excalidraw.com",
 "Access-Control-Allow-Credentials": true,
 };
 res.writeHead(200, headers);
From 1de26f690bd2c9f0c9da0ecc12829802a3541bb5 Mon Sep 17 00:00:00 2001
From: dwelle
Date: Thu, 14 Jan 2021 12:22:52 +0100
Subject: [PATCH 2/3] fallback to excalidraw.com if no origin header present
---
 src/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/index.ts b/src/index.ts
index c6084e0..7d6742a 100755
--- a/src/index.ts
+++ b/src/index.ts
@@ -24,7 +24,7 @@ const io = socketIO(server, {
 handlePreflightRequest: function (req, res) {
 var headers = {
 "Access-Control-Allow-Headers": "Content-Type, Authorization",
- "Access-Control-Allow-Origin": req.header ? req.header.origin : "https://excalidraw.com",
+ "Access-Control-Allow-Origin": (req.header && req.header.origin) || "https://excalidraw.com",
 "Access-Control-Allow-Credentials": true,
 };
 res.writeHead(200, headers);
From 1cc554339d4d62713cf37f3cb6833220f4e9b05a Mon Sep 17 00:00:00 2001
From: dwelle
Date: Thu, 14 Jan 2021 12:23:07 +0100
Subject: [PATCH 3/3] fix lint
---
 src/index.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/index.ts b/src/index.ts
index 7d6742a..9b43145 100755
--- a/src/index.ts
+++ b/src/index.ts
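Review bot: The `Access-Control-Allow-Origin` value in this hunk still echoes whatever origin the request supplies while `Access-Control-Allow-Credentials` is `true`, so the preflight approves credentialed cross-origin requests from any site; the new fallback only covers the case where nothing is supplied. Patches 2/3 and 3/3 keep the same reflection. The value should come from an explicit allowlist, for example `"Access-Control-Allow-Origin": allowedOrigins.includes(origin) ? origin : "https://excalidraw.com",` where `origin` is the request's origin and `allowedOrigins` is a placeholder for a list this file does not yet define. Because the value varies per request, the headers object should also carry `"Vary": "Origin"` so a cache does not serve one origin's answer to another. The handler's body continues past the end of the hunk.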
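Review bot: `req.header` on the added line of patch 2/3 is probably meant to be `req.headers`. The type of `req` is not visible in the hunk, but Node's `http.IncomingMessage` has no `header` property and Express exposes `header` as a method, so in either case `req.header.origin` is never a string and every preflight is answered with `https://excalidraw.com`. If the intent is to read the request's Origin, the expression would be `(req.headers && req.headers.origin) || "https://excalidraw.com"`. Patch 1/3 has the same property name and patch 3/3 only re-wraps the expression, so the same applies there.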
@@ -24,7 +24,8 @@ const io = socketIO(server, {
 handlePreflightRequest: function (req, res) {
 var headers = {
 "Access-Control-Allow-Headers": "Content-Type, Authorization",
- "Access-Control-Allow-Origin": (req.header && req.header.origin) || "https://excalidraw.com",
+ "Access-Control-Allow-Origin":
+ (req.header && req.header.origin) || "https://excalidraw.com",
 "Access-Control-Allow-Credentials": true,
 };
 res.writeHead(200, headers);