Implementing CORS and CSP headers from env config

2026-06-28 15:00:57 +03:00 · 2024-01-25 11:39:13 -05:00
parent 1104257720
commit 3be2393412
3 changed files with 46 additions and 4 deletions
@@ -18,3 +18,14 @@ export function sanitizeMiddleware(req: Request, res: Response, next: NextFuncti
    }
    next()
 }
+
+export function getAllowedCorsOrigins(): string {
+    // Expects FQDN separated by commas, otherwise nothing or * for all.
+    return process.env.CORS_ORIGINS ?? '*'
+}
+
+export function getAllowedEmbeddingOrigins(): string {
+    // Expects FQDN separated by commas, otherwise nothing or * for all.
+    // Also CSP allowed values: self or none
+    return process.env.EMBEDDING_ORIGINS ?? '*'
+}