Skip to content

Commit 313f1c7

Browse files
arcoravenarcoraven
authored
fix: load latest config when checking origin for CORS (#790)
* fix: return proper response on CORS error * remove debug logging * remove comment * return 403 response again
1 parent 1dd938f commit 313f1c7

File tree

2 files changed

+5
-7
lines changed

2 files changed

+5
-7
lines changed

src/server/index.ts

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@ import fastify, { type FastifyInstance } from "fastify";
33
import * as fs from "node:fs";
44
import path from "node:path";
55
import { URL } from "node:url";
6-
import { getConfig } from "../utils/cache/getConfig";
76
import { clearCacheCron } from "../utils/cron/clearCacheCron";
87
import { env } from "../utils/env";
98
import { logger } from "../utils/logger";
@@ -72,13 +71,11 @@ export const initServer = async () => {
7271
...(env.ENABLE_HTTPS ? httpsObject : {}),
7372
}).withTypeProvider<TypeBoxTypeProvider>();
7473

75-
const config = await getConfig();
76-
7774
// Configure middleware
7875
withErrorHandler(server);
7976
withRequestLogs(server);
8077
withSecurityHeaders(server);
81-
withCors(server, config);
78+
withCors(server);
8279
withRateLimit(server);
8380
withEnforceEngineMode(server);
8481
withServerUsageReporting(server);

src/server/middleware/cors.ts

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
import type { FastifyInstance } from "fastify";
2-
import type { ParsedConfig } from "../../schema/config";
2+
import { getConfig } from "../../utils/cache/getConfig";
33
import { ADMIN_QUEUES_BASEPATH } from "./adminRoutes";
44

55
const STANDARD_METHODS = "GET,POST,DELETE,PUT,PATCH,HEAD,PUT,PATCH,POST,DELETE";
@@ -9,7 +9,7 @@ const DEFAULT_ALLOWED_HEADERS = [
99
"ngrok-skip-browser-warning",
1010
];
1111

12-
export function withCors(server: FastifyInstance, config: ParsedConfig) {
12+
export function withCors(server: FastifyInstance) {
1313
server.addHook("onRequest", async (request, reply) => {
1414
const origin = request.headers.origin;
1515

@@ -29,6 +29,7 @@ export function withCors(server: FastifyInstance, config: ParsedConfig) {
2929
return;
3030
}
3131

32+
const config = await getConfig();
3233
const allowedOrigins = config.accessControlAllowOrigin
3334
.split(",")
3435
.map(sanitizeOrigin);
@@ -56,7 +57,7 @@ export function withCors(server: FastifyInstance, config: ParsedConfig) {
5657
return;
5758
}
5859
} else {
59-
reply.code(403).send({ error: "Invalid origin" });
60+
reply.code(403).send({ error: "Invalid origin." });
6061
return;
6162
}
6263
});

0 commit comments

Comments
 (0)