* @private * @returns {boolean} true when the user has configured a wildcard * Access-Control-Allow-Origin header (opting into fully open cross-origin access)
()
| 3143 | * Access-Control-Allow-Origin header (opting into fully open cross-origin access) |
| 3144 | */ |
| 3145 | isUserCORSWildcardEnabled() { |
| 3146 | const { headers } = this.options; |
| 3147 | |
| 3148 | if (!headers) { |
| 3149 | return false; |
| 3150 | } |
| 3151 | |
| 3152 | if (typeof headers === "function") { |
| 3153 | return false; |
| 3154 | } |
| 3155 | |
| 3156 | /** |
| 3157 | * @param {string | string[]} value header value |
| 3158 | * @returns {boolean} true when value is the "*" wildcard |
| 3159 | */ |
| 3160 | const isWildcard = (value) => { |
| 3161 | if (typeof value === "string") { |
| 3162 | return value.trim() === "*"; |
| 3163 | } |
| 3164 | |
| 3165 | if (Array.isArray(value)) { |
| 3166 | return value.length === 1 && isWildcard(value[0]); |
| 3167 | } |
| 3168 | |
| 3169 | return false; |
| 3170 | }; |
| 3171 | |
| 3172 | if (Array.isArray(headers)) { |
| 3173 | return headers.some( |
| 3174 | (header) => |
| 3175 | header.key.toLowerCase() === "access-control-allow-origin" && |
| 3176 | isWildcard(header.value), |
| 3177 | ); |
| 3178 | } |
| 3179 | |
| 3180 | return Object.entries(headers).some( |
| 3181 | ([key, value]) => |
| 3182 | key.toLowerCase() === "access-control-allow-origin" && |
| 3183 | isWildcard(value), |
| 3184 | ); |
| 3185 | } |
| 3186 | |
| 3187 | /** |
| 3188 | * @private |