Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: update asynchronous example #205

Merged
merged 1 commit into from
May 29, 2022
Merged

docs: update asynchronous example #205

merged 1 commit into from
May 29, 2022

Conversation

is2ei
Copy link
Contributor

@is2ei is2ei commented May 29, 2022

Closes #137

Checklist

example request:

$ curl -H  "origin:localhost:3000"  -v http://localhost:3000/
*   Trying 127.0.0.1:3000...
* Connected to localhost (127.0.0.1) port 3000 (#0)
> GET / HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.77.0
> Accept: */*
> origin:localhost:3000
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< vary: Origin
< content-type: application/json; charset=utf-8
< content-length: 17
< Date: Sun, 29 May 2022 04:46:53 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
<
* Connection #0 to host localhost left intact
{"hello":"world"}

mcollina
mcollina approved these changes May 29, 2022
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Fdawgs
Fdawgs requested changes May 29, 2022
View reviewed changes
README.md
corsOptions = { origin: false }
} else {
corsOptions = { origin: true }
if (/localhost/.test(req.headers.origin)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (/localhost/.test(req.headers.origin)) {
if (/^localhost$/m.test(req.headers.origin)) {

Otherwise compromised-website.com/localhost would pass this.

README.md
let corsOptions;
const origin = req.headers.origin
const corsOptions = {
origin: true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
origin: true
// This is NOT recommended for production as it enables reflection exploits
origin: true

@mcollina mcollina merged commit 7b1ee06 into fastify:master May 29, 2022
@Fdawgs Fdawgs mentioned this pull request May 29, 2022
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fdawgs Fdawgs Fdawgs requested changes

@mcollina mcollina mcollina approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

asynchronous dynamic cors not even worked!
3 participants
@is2ei @mcollina @Fdawgs