(origin: string, trustedOrigins: string[])
| 357 | * domain wildcards (same as --proxy-domain). |
| 358 | */ |
| 359 | export function isTrustedOrigin(origin: string, trustedOrigins: string[]): boolean { |
| 360 | return trustedOrigins.some((trusted) => { |
| 361 | if (trusted === "*" || trusted === origin) { |
| 362 | return true |
| 363 | } |
| 364 | // *.example.com style: match origin if it is the domain or a subdomain |
| 365 | if (trusted.startsWith("*.")) { |
| 366 | const domain = trusted.slice(2).toLowerCase() |
| 367 | return origin === domain || origin.endsWith("." + domain) |
| 368 | } |
| 369 | return false |
| 370 | }) |
| 371 | } |
| 372 | |
| 373 | /** |
| 374 | * Authenticate the request origin against the host. Throw if invalid. |
no outgoing calls
no test coverage detected