kenmirrors/MagicMirror
1
0
Fork 0
mirror of https://github.com/MichMich/MagicMirror.git synced 2026-06-09 03:34:51 +00:00
Code Issues Projects Releases Wiki Activity

add option to disable or restrict cors endpoint (#4087)

Browse Source
This commit is contained in:
Karsten Hassel
2026-04-04 11:55:13 +02:00
committed by GitHub
parent 03f268934a
commit abf6989faa
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
js/server_functions.js
View File

@@ -25,6 +25,7 @@ async function isPrivateTarget (url) {
const hostname = parsed.hostname.replace(/^\[|\]$/g, "");
if (hostname.toLowerCase() === "localhost") return true;
if (global.config.cors === "allowWhitelist" && !global.config.corsDomainWhitelist.includes(hostname.toLowerCase())) return true;
try {
const results = await dns.lookup(hostname, { all: true });
@@ -68,6 +69,10 @@ function replaceSecretPlaceholder (input) {
* @returns {Promise<void>} A promise that resolves when the response is sent
*/
async function cors (req, res) {
if (global.config.cors === "disabled") {
Log.error("CORS is disabled, you need to enable it in `config.js` by setting `cors` to `allowAll` or `allowWhitelist`");
return res.status(403).json({ error: "CORS proxy is disabled" });
}
try {
const urlRegEx = "url=(.+?)$";
let url;