From 1ae222a9c37f3aeb02793348c28a95acc1f4e5d4 Mon Sep 17 00:00:00 2001
From: Alexandre Bodin
Date: Fri, 5 Apr 2024 10:09:09 +0200
Subject: [PATCH 1/2] fix: cors v5
---
 packages/core/strapi/package.json | 2 +-
 packages/core/strapi/src/middlewares/cors.ts | 16 +++++++---------
 packages/core/types/package.json | 2 +-
 yarn.lock | 15 ++++++++++++---
 4 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/packages/core/strapi/package.json b/packages/core/strapi/package.json
index d46f64656a..e0858d9ec6 100644
--- a/packages/core/strapi/package.json
+++ b/packages/core/strapi/package.json
@@ -111,7 +111,7 @@
 "watch": "pack-up watch"
 },
 "dependencies": {
- "@koa/cors": "3.4.3",
+ "@koa/cors": "5.0.0",
 "@koa/router": "10.1.1",
 "@strapi/admin": "4.23.0",
 "@strapi/content-releases": "4.23.0",
diff --git a/packages/core/strapi/src/middlewares/cors.ts b/packages/core/strapi/src/middlewares/cors.ts
index a5409cafc6..4edee776fb 100644
--- a/packages/core/strapi/src/middlewares/cors.ts
+++ b/packages/core/strapi/src/middlewares/cors.ts
@@ -38,6 +38,10 @@ export const cors: Common.MiddlewareFactory = (config) => {
 return koaCors({
 async origin(ctx) {
+ if (!ctx.get('Origin')) {
+ return '*';
+ }
+
 let originList: string | string[];
 if (typeof origin === 'function') {
@@ -46,17 +50,11 @@ export const cors: Common.MiddlewareFactory = (config) => {
 originList = origin;
 }
- const whitelist = Array.isArray(originList) ? originList : originList.split(/\s*,\s*/);
-
- const requestOrigin = ctx.headers.origin ?? '';
- if (whitelist.includes('*')) {
- return credentials ? requestOrigin : '*';
+ if (Array.isArray(originList)) {
+ return originList.join(',');
 }
- if (!whitelist.includes(requestOrigin)) {
- return ctx.throw(`${requestOrigin} is not a valid origin`);
- }
- return requestOrigin;
+ return originList;
 },
 exposeHeaders: expose,
 maxAge,
diff --git a/packages/core/types/package.json b/packages/core/types/package.json
index 3dc089766e..f349ae475c 100644
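Review bot: The early `return '*'` in the first cors.ts hunk (`@@ -38,6 +38,10 @@`) runs before the configured `origin` value is consulted, so a deployment with a restrictive allow-list would still answer every request that lacks an `Origin` header with a wildcard, assuming @koa/cors writes this return value into `Access-Control-Allow-Origin`. If the intent is only to skip CORS handling for non-browser requests, a falsy return, which patch 2/2 already uses for array misses, does that without advertising `*`: `if (!ctx.get('Origin')) { return false; }`. Whichever value is kept, the branch needs a comment stating why Origin-less requests are special-cased, for example `// No Origin header: not a cross-origin browser request`. The body of `origin(ctx)` continues outside this hunk.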
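Review bot: A string `origin` is now returned verbatim by `return originList;` in the second cors.ts hunk (`@@ -46,17 +50,11 @@`), whereas the removed code split it on `/\s*,\s*/` and matched the request's origin against the result, so a comma-separated setting such as `'https://a.example, https://b.example'` (constructed example) would presumably be sent as a single Access-Control-Allow-Origin value, which browsers do not accept. `originList.join(',')` has the same problem for arrays, and patch 2/2 corrects only the array branch. Normalising both forms before the lookup keeps one code path, with `'*'` still handled on its own: `const allowed = Array.isArray(originList) ? originList : originList.split(/\s*,\s*/);`. Separately, the removed `ctx.throw(...)` rejected requests from unlisted origins on the server, while the new code leaves enforcement to the browser, so handlers for simple cross-origin requests now run whatever the origin; that change of guarantee should be stated in the commit message or a comment.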
--- a/packages/core/types/package.json
+++ b/packages/core/types/package.json
@@ -44,7 +44,7 @@
 },
 "dependencies": {
 "@casl/ability": "6.5.0",
- "@koa/cors": "3.4.3",
+ "@koa/cors": "5.0.0",
 "@koa/router": "10.1.1",
 "@strapi/database": "4.23.0",
 "@strapi/logger": "4.23.0",
diff --git a/yarn.lock b/yarn.lock
index 0913a458f1..f664fafb54 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -4136,7 +4136,16 @@ __metadata: languageName: node linkType: hard -"@koa/cors@npm:3.4.3, @koa/cors@npm:^3.1.0": +"@koa/cors@npm:5.0.0": + version: 5.0.0 + resolution: "@koa/cors@npm:5.0.0" + dependencies: + vary: "npm:^1.1.2" + checksum: 3a0e32fbc422a5f9a41540ce3b7499d46073ddb0e4e851394a74bac5ecd0eaa1f24a8f189b7bd6a50c5863788ae6945c52d990edf99fdd2151a4404f266fe2e7 + languageName: node + linkType: hard + +"@koa/cors@npm:^3.1.0": version: 3.4.3 resolution: "@koa/cors@npm:3.4.3" dependencies:
@@ -8767,7 +8776,7 @@ __metadata: version: 0.0.0-use.local resolution: "@strapi/strapi@workspace:packages/core/strapi" dependencies: - "@koa/cors": "npm:3.4.3" + "@koa/cors": "npm:5.0.0" "@koa/router": "npm:10.1.1" "@strapi/admin": "npm:4.23.0" "@strapi/content-releases": "npm:4.23.0"
@@ -8871,7 +8880,7 @@ __metadata: resolution: "@strapi/types@workspace:packages/core/types" dependencies: "@casl/ability": "npm:6.5.0" - "@koa/cors": "npm:3.4.3" + "@koa/cors": "npm:5.0.0" "@koa/router": "npm:10.1.1" "@strapi/database": "npm:4.23.0" "@strapi/logger": "npm:4.23.0"
From 24613c19474e8e9042746d347cb408994c829997 Mon Sep 17 00:00:00 2001
From: Alexandre Bodin
Date: Wed, 10 Apr 2024 20:06:23 +0200
Subject: [PATCH 2/2] chore: support arrays
---
 packages/core/strapi/src/middlewares/cors.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/core/strapi/src/middlewares/cors.ts b/packages/core/strapi/src/middlewares/cors.ts
index 4edee776fb..8370bc03a8 100644
--- a/packages/core/strapi/src/middlewares/cors.ts
+++ b/packages/core/strapi/src/middlewares/cors.ts
@@ -51,7 +51,7 @@ export const cors: Common.MiddlewareFactory = (config) => {
 }
 if (Array.isArray(originList)) {
- return originList.join(',');
+ return originList.includes(ctx.get('Origin')) ? ctx.get('Origin') : false;
 }
 return originList;
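Review bot: An array that contains `'*'` no longer acts as a wildcard, because `originList.includes(ctx.get('Origin'))` compares the request's origin with the literal entries, where the code removed in patch 1/2 tested `whitelist.includes('*')` first; `origin: ['*']` would therefore yield `false` for every browser request. Either handle it before the lookup, `if (originList.includes('*')) return '*';`, or reject `'*'` inside arrays when the configuration is validated, so the setting does not silently stop working; how a wildcard then interacts with `credentials` depends on @koa/cors and should be checked. Reading the header once, `const requestOrigin = ctx.get('Origin');`, would also make the allow-list comparison and the returned value visibly the same string. The enclosing `origin(ctx)` function starts and ends outside this hunk.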