MCPcopy Index your code
hub / github.com/parse-community/parse-server / allowCrossDomain

Function allowCrossDomain

src/middlewares.js:411–435  ·  view source on GitHub ↗
(appId)

Source from the content-addressed store, hash-verified

409}
410
411export function allowCrossDomain(appId) {
412 return (req, res, next) => {
413 const config = Config.get(appId, getMountForRequest(req));
414 let allowHeaders = DEFAULT_ALLOWED_HEADERS;
415 if (config && config.allowHeaders) {
416 allowHeaders += `, ${config.allowHeaders.join(', ')}`;
417 }
418
419 const baseOrigins =
420 typeof config?.allowOrigin === 'string' ? [config.allowOrigin] : config?.allowOrigin ?? ['*'];
421 const requestOrigin = req.headers.origin;
422 const allowOrigins =
423 requestOrigin && baseOrigins.includes(requestOrigin) ? requestOrigin : baseOrigins[0];
424 res.header('Access-Control-Allow-Origin', allowOrigins);
425 res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
426 res.header('Access-Control-Allow-Headers', allowHeaders);
427 res.header('Access-Control-Expose-Headers', 'X-Parse-Job-Status-Id, X-Parse-Push-Status-Id');
428 // intercept OPTIONS method
429 if ('OPTIONS' == req.method) {
430 res.sendStatus(200);
431 } else {
432 next();
433 }
434 };
435}
436
437export function allowMethodOverride(req, res, next) {
438 if (req.method === 'POST' && req.body?._method) {

Callers 2

applyGraphQLMethod · 0.90

Calls 3

getMountForRequestFunction · 0.85
nextFunction · 0.85
getMethod · 0.45

Tested by

no test coverage detected