MCPcopy Index your code
hub / github.com/ZenNotes/zennotes / isAllowedOrigin

Method isAllowedOrigin

apps/server/internal/httpserver/security.go:302–326  ·  view source on GitHub ↗
(r *http.Request, origin string)

Source from the content-addressed store, hash-verified

300}
301
302func (s *Server) isAllowedOrigin(r *http.Request, origin string) bool {
303 if origin == "" {
304 return true
305 }
306 normalized := normalizeOrigin(origin)
307 if normalized == "" {
308 return false
309 }
310 if normalized == s.requestOrigin(r) {
311 return true
312 }
313
314 cfg := s.currentConfig()
315 for _, allowed := range cfg.AllowedOrigins {
316 if normalizeOrigin(allowed) == normalized {
317 return true
318 }
319 }
320
321 if (cfg.DevMode || isLoopbackBind(cfg.Bind)) && isLoopbackOrigin(normalized) {
322 return true
323 }
324
325 return false
326}
327
328func (s *Server) corsMiddleware(next http.Handler) http.Handler {
329 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

Callers 2

watchWSMethod · 0.95
corsMiddlewareMethod · 0.95

Calls 5

requestOriginMethod · 0.95
currentConfigMethod · 0.95
normalizeOriginFunction · 0.85
isLoopbackBindFunction · 0.85
isLoopbackOriginFunction · 0.85

Tested by

no test coverage detected