()
| 70 | } |
| 71 | |
| 72 | export function validateCorsConfig(): void { |
| 73 | if (getAllowedCorsOrigins() === '*' && getAllowCredentials()) { |
| 74 | logger.warn( |
| 75 | '[CORS] Unsafe configuration detected: CORS_ORIGINS=* cannot be combined with ' + |
| 76 | 'CORS_ALLOW_CREDENTIALS=true. Access-Control-Allow-Credentials has been forced to false. ' + |
| 77 | 'To allow credentialed cross-origin requests, set CORS_ORIGINS to an explicit comma-separated ' + |
| 78 | 'list of trusted origins instead of *.' |
| 79 | ) |
| 80 | } |
| 81 | } |
| 82 | |
| 83 | export function getCorsOptions(): any { |
| 84 | return (req: any, callback: (err: Error | null, options?: any) => void) => { |
no test coverage detected