feat(echo): Cors specific origin selection for prod environments - DRAFT - Do not Merge #5731
Conversation
| source: string, | ||
| headers: { originHeader: string; anonymousHeader: string } |
There was a problem hiding this comment.
Refactored to easily allowing to add more headers in the future
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| const { originHeader, anonymousHeader } = headers; | ||
| const isProduction = process.env.NODE_ENV === 'production'; | ||
| const isValidOrigin = | ||
| (originHeader && originHeader.includes('https://web.novu.co')) || |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
| const isProduction = process.env.NODE_ENV === 'production'; | ||
| const isValidOrigin = | ||
| (originHeader && originHeader.includes('https://web.novu.co')) || | ||
| originHeader.includes('https://eu.web.novu.co') || |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
| const isValidOrigin = | ||
| (originHeader && originHeader.includes('https://web.novu.co')) || | ||
| originHeader.includes('https://eu.web.novu.co') || | ||
| originHeader.includes('https://dev.web.novu.co'); |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
✅ Deploy Preview for dev-web-novu ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
❌ Deploy Preview for novu-design failed. Why did it fail? →
|
| const { originHeader, anonymousHeader } = headers; | ||
| const isProduction = process.env.NODE_ENV === 'production'; | ||
| const isValidOrigin = | ||
| (originHeader && originHeader.includes('https://web.novu.co')) || |
There was a problem hiding this comment.
I suggest we create a NovuWebUrlEnum with all options, then we can simplify this check to:
const isValidOrigin = Object.values(NovuApiUrlEnum).includes(originHeader);
|
This PR is being marked as stale due to inactivity. |
Waiting for dev deployment for testing