@paroicms/server/dist/helpers/cors-middleware.js

The ParoiCMS server

import cors from "cors";
import { registeredSites } from "../context.js";
export function createCorsMiddleware() {
    return cors({
        credentials: true,
        origin: (origin, callback) => {
            if (!origin)
                return callback(null, true);
            if (process.env.NODE_ENV === "development") {
                return callback(null, true);
            }
            try {
                const originDomain = new URL(origin).hostname;
                const allowedDomains = Array.from(registeredSites.values()).map((conf) => conf.fqdn);
                if (allowedDomains.some((domain) => originDomain === domain || originDomain.endsWith(`.${domain}`))) {
                    return callback(null, true);
                }
                callback(new Error(`Origin ${origin} not allowed by CORS`), false);
            }
            catch {
                callback(new Error("CORS validation error"), false);
            }
        },
    });
}
//# sourceMappingURL=cors-middleware.js.map