mirror of
https://github.com/freeCodeCamp/freeCodeCamp.git
synced 2026-06-16 21:06:35 +08:00
46cdfd7802
* test: allow mocking of env vars Since utils/env is a module, we can mock it to control env vars in tests. However, it's not compatible with building the server in setupFilesAfterEnv, so, instead, we can use a utility function to keep things DRY. * fix: update type of fastifyTestInstance * chore: add comment about sts preload * chore: rename header plugin * test: add get util + provide origin on request * feat: add cors headers * chore: add TODO
42 lines
1.3 KiB
TypeScript
42 lines
1.3 KiB
TypeScript
import { FastifyPluginCallback } from 'fastify';
|
|
|
|
import fp from 'fastify-plugin';
|
|
import { HOME_LOCATION } from '../utils/env';
|
|
|
|
// import { FREECODECAMP_NODE_ENV } from '../utils/env';
|
|
|
|
const allowedOrigins = [
|
|
'https://www.freecodecamp.dev',
|
|
'https://www.freecodecamp.org',
|
|
'https://beta.freecodecamp.dev',
|
|
'https://beta.freecodecamp.org',
|
|
'https://chinese.freecodecamp.dev',
|
|
'https://chinese.freecodecamp.org'
|
|
];
|
|
|
|
const cors: FastifyPluginCallback = (fastify, _options, done) => {
|
|
fastify.addHook('onRequest', async (req, reply) => {
|
|
const origin = req.headers.origin;
|
|
if (origin && allowedOrigins.includes(origin)) {
|
|
void reply.header('Access-Control-Allow-Origin', origin);
|
|
} else {
|
|
// TODO: Discuss if this is the correct approach. Standard practice is to
|
|
// reflect one of a list of allowed origins and handle development
|
|
// separately. If we switch to that approach we can replace use
|
|
// @fastify/cors instead.
|
|
void reply.header('Access-Control-Allow-Origin', HOME_LOCATION);
|
|
}
|
|
|
|
void reply
|
|
.header(
|
|
'Access-Control-Allow-Headers',
|
|
'Origin, X-Requested-With, Content-Type, Accept'
|
|
)
|
|
.header('Access-Control-Allow-Credentials', true);
|
|
});
|
|
|
|
done();
|
|
};
|
|
|
|
export default fp(cors);
|