feat(echo): Cors specific origin selection for prod environments - DRAFT - Do not Merge #5731
base: next
source: string, | ||
headers: { originHeader: string; anonymousHeader: string } |
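Review bot: `originHeader: string` in the `headers` type declares the value as always present, while the function body tests `originHeader &&` before using it. If the header can be missing, type both fields as `string | undefined` so the compiler forces every use to handle that case.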
Refactored to easily allow adding more headers in the future
const { originHeader, anonymousHeader } = headers; | ||
const isProduction = process.env.NODE_ENV === 'production'; | ||
const isValidOrigin = | ||
(originHeader && originHeader.includes('https://web.novu.co')) || |
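Review bot: `originHeader.includes('https://web.novu.co')` on the last line is a substring test, so any Origin value that merely contains that text passes, including a longer host name that begins with `web.novu.co`. Compare the whole header value for equality against the list of allowed origins instead.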
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
https://web.novu.co
const isProduction = process.env.NODE_ENV === 'production'; | ||
const isValidOrigin = | ||
(originHeader && originHeader.includes('https://web.novu.co')) || | ||
originHeader.includes('https://eu.web.novu.co') || |
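Review bot: the `originHeader &&` guard ends at the parenthesis after the first `includes`, so `originHeader.includes('https://eu.web.novu.co')` on the last line runs unguarded and throws a TypeError when the header is undefined. Put the guard outside the whole `||` chain, or return early when the header is missing.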
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
https://eu.web.novu.co
const isValidOrigin = | ||
(originHeader && originHeader.includes('https://web.novu.co')) || | ||
originHeader.includes('https://eu.web.novu.co') || | ||
originHeader.includes('https://dev.web.novu.co'); |
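Review bot: `https://dev.web.novu.co` on the last line sits in the same `||` chain as the two other origins, and the expression has no environment condition, so the dev origin counts as valid wherever this code runs. If it should not be accepted in production, select the allowed origins per environment rather than in one shared expression.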
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
https://dev.web.novu.co
✅ Deploy Preview for dev-web-novu ready!
❌ Deploy Preview for novu-design failed.
const { originHeader, anonymousHeader } = headers; | ||
const isProduction = process.env.NODE_ENV === 'production'; | ||
const isValidOrigin = | ||
(originHeader && originHeader.includes('https://web.novu.co')) || |
I suggest we create a NovuWebUrlEnum with all options, then we can simplify this check to:
const isValidOrigin = Object.values(NovuApiUrlEnum).includes(originHeader);
This PR is being marked as stale due to inactivity.
Waiting for dev deployment for testing
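The CodeQL finding discussed in this thread, as an added example that is not code from the PR or the project: it runs the flagged expression and an exact-match allowlist side by side over constructed Origin values. The names `ALLOWED_ORIGINS`, `substringCheck`, `exactCheck` and `compare` are assumptions made for the example.

```javascript
// Added example: the three origins are the ones named in the diff.
const ALLOWED_ORIGINS = new Set([
  'https://web.novu.co',
  'https://eu.web.novu.co',
  'https://dev.web.novu.co',
]);

// The expression from the diff, reproduced unchanged for comparison.
function substringCheck(originHeader) {
  return (
    (originHeader && originHeader.includes('https://web.novu.co')) ||
    originHeader.includes('https://eu.web.novu.co') ||
    originHeader.includes('https://dev.web.novu.co')
  );
}

// Exact match: a browser serializes Origin as scheme://host[:port] with no
// path, so the whole header value can be compared against the allowlist.
function exactCheck(originHeader) {
  return typeof originHeader === 'string' && ALLOWED_ORIGINS.has(originHeader);
}

// Runs both checks on one value; a thrown error is reported by its name.
function compare(originHeader) {
  let substring;
  try {
    substring = Boolean(substringCheck(originHeader));
  } catch (err) {
    substring = err.name;
  }
  return { substring, exact: exactCheck(originHeader) };
}

// Constructed sample values; example.test is a reserved test domain.
const SAMPLES = [
  'https://eu.web.novu.co',           // listed origin
  'https://web.novu.co.example.test', // listed origin as prefix of another host
  'http://web.novu.co',               // wrong scheme
  undefined,                          // header absent
];

for (const origin of SAMPLES) {
  console.log(String(origin), compare(origin));
}
```

The second and fourth samples are where the two checks diverge: the substring test accepts a host that only starts with an allowed name, and throws when the header is missing.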