(appId)
| 409 | } |
| 410 | |
| 411 | export function allowCrossDomain(appId) { |
| 412 | return (req, res, next) => { |
| 413 | const config = Config.get(appId, getMountForRequest(req)); |
| 414 | let allowHeaders = DEFAULT_ALLOWED_HEADERS; |
| 415 | if (config && config.allowHeaders) { |
| 416 | allowHeaders += `, ${config.allowHeaders.join(', ')}`; |
| 417 | } |
| 418 | |
| 419 | const baseOrigins = |
| 420 | typeof config?.allowOrigin === 'string' ? [config.allowOrigin] : config?.allowOrigin ?? ['*']; |
| 421 | const requestOrigin = req.headers.origin; |
| 422 | const allowOrigins = |
| 423 | requestOrigin && baseOrigins.includes(requestOrigin) ? requestOrigin : baseOrigins[0]; |
| 424 | res.header('Access-Control-Allow-Origin', allowOrigins); |
| 425 | res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS'); |
| 426 | res.header('Access-Control-Allow-Headers', allowHeaders); |
| 427 | res.header('Access-Control-Expose-Headers', 'X-Parse-Job-Status-Id, X-Parse-Push-Status-Id'); |
| 428 | // intercept OPTIONS method |
| 429 | if ('OPTIONS' == req.method) { |
| 430 | res.sendStatus(200); |
| 431 | } else { |
| 432 | next(); |
| 433 | } |
| 434 | }; |
| 435 | } |
| 436 | |
| 437 | export function allowMethodOverride(req, res, next) { |
| 438 | if (req.method === 'POST' && req.body?._method) { |
no test coverage detected