From 7c97516de673511c570dea12eee066af85fca1d5 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Thu, 10 Oct 2024 16:31:19 +1000
Subject: [PATCH] Fix schema issue with cors
---
 backend/lib/access.js | 2 +-
 backend/lib/express/cors.js | 42 ++++++++-----------------------------
 2 files changed, 10 insertions(+), 34 deletions(-)
diff --git a/backend/lib/access.js b/backend/lib/access.js
index 57dd379..0e658a6 100644
--- a/backend/lib/access.js
+++ b/backend/lib/access.js
@@ -268,6 +268,7 @@ module.exports = function (token_string) {
 let permissionSchema = {
 $async: true,
 $id: 'permissions',
+ type: 'object',
 additionalProperties: false,
 properties: {}
 };
@@ -277,7 +278,6 @@ module.exports = function (token_string) {
 const ajv = new Ajv({
 verbose: true,
 allErrors: true,
- missingRefs: 'fail',
 breakOnError: true,
 coerceTypes: true,
 schemas: [
diff --git a/backend/lib/express/cors.js b/backend/lib/express/cors.js
index c9befee..6d5b8b5 100644
--- a/backend/lib/express/cors.js
+++ b/backend/lib/express/cors.js
@@ -1,40 +1,16 @@
-const validator = require('../validator');
-
 module.exports = function (req, res, next) {
-
 if (req.headers.origin) {
-
- const originSchema = {
- oneOf: [
- {
- type: 'string',
- pattern: '^[a-z\\-]+:\\/\\/(?:[\\w\\-\\.]+(:[0-9]+)?/?)?$'
- },
- {
- type: 'string',
- pattern: '^[a-z\\-]+:\\/\\/(?:\\[([a-z0-9]{0,4}\\:?)+\\])?/?(:[0-9]+)?$'
- }
- ]
- };
-
- // very relaxed validation....
- validator(originSchema, req.headers.origin)
- .then(function () {
- res.set({
- 'Access-Control-Allow-Origin': req.headers.origin,
- 'Access-Control-Allow-Credentials': true,
- 'Access-Control-Allow-Methods': 'OPTIONS, GET, POST',
- 'Access-Control-Allow-Headers': 'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',
- 'Access-Control-Max-Age': 5 * 60,
- 'Access-Control-Expose-Headers': 'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
- });
- next();
- })
- .catch(next);
-
+ res.set({
+ 'Access-Control-Allow-Origin': req.headers.origin,
+ 'Access-Control-Allow-Credentials': true,
+ 'Access-Control-Allow-Methods': 'OPTIONS, GET, POST',
+ 'Access-Control-Allow-Headers': 'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',
+ 'Access-Control-Max-Age': 5 * 60,
+ 'Access-Control-Expose-Headers': 'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
+ });
+ next();
 } else {
 // No origin
 next();
 }
-
 };
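Review bot: With the schema check deleted, the `res.set` block now copies whatever `req.headers.origin` contains into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`, so every origin is allowed to make credentialed cross-origin calls and read the responses. The removed patterns only checked syntax, so the policy was already permissive, but this is the place for an allowlist: compare the header with the configured trusted origins first, for example `if (!allowedOrigins.includes(req.headers.origin)) { return next(); }` (`allowedOrigins` is an illustrative name, not something in this file). The response also differs per request origin, so `'Vary': 'Origin',` should be added to the header object to keep shared caches from replaying one origin's headers to another. How much is exposed depends on whether the API authenticates with cookies or only with the `Authorization` header, which this hunk does not show.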