mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter synced 2024-11-14 22:06:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use weak CORS policy for experimental_no_subdomain

Browse Source
This commit is contained in:
KernelDeimos 2024-04-05 16:51:57 -04:00
parent fe88880486
commit 343edbff51
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
packages/backend/src/services/WebServerService.js
View File

@ -291,7 +291,10 @@ class WebServerService extends BaseService {
res.setHeader('Access-Control-Allow-Origin', origin ?? '*');
}
// Website(s) to allow to connect
if ( req.subdomains[req.subdomains.length-1] === 'api' ) {
if (
config.experimental_no_subdomain ||
req.subdomains[req.subdomains.length-1] === 'api'
) {
res.setHeader('Access-Control-Allow-Origin', origin ?? '*');
res.setHeader('Access-Control-Allow-Credentials', 'true');
}