jprdonnelly/freeCodeCamp
1
0
Fork 0
mirror of https://github.com/freeCodeCamp/freeCodeCamp.git synced 2025-12-30 03:03:06 -05:00
Code Issues Projects Releases Wiki Activity

feat(api): log disallowed origins (#59059)

Browse Source
This commit is contained in:
Sem Bauke
2025-03-03 14:44:37 +01:00
committed by GitHub
parent 17838276b8
commit 9cb6677e9f
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
api/src/plugins/cors.ts
View File

@@ -10,8 +10,10 @@ const cors: FastifyPluginCallback = (fastify, _options, done) => {
});
fastify.addHook('onRequest', async (req, reply) => {
const logger = fastify.log.child({ req });
const origin = req.headers.origin;
if (origin && allowedOrigins.includes(origin)) {
// Do we want to log allowed origins?
void reply.header('Access-Control-Allow-Origin', origin);
} else {
// TODO: Discuss if this is the correct approach. Standard practice is to
@@ -19,6 +21,7 @@ const cors: FastifyPluginCallback = (fastify, _options, done) => {
// separately. If we switch to that approach we can replace use
// @fastify/cors instead.
void reply.header('Access-Control-Allow-Origin', HOME_LOCATION);
logger.debug(`Received request from disallowed origin: ${origin}`);
}
void reply