clone/TiddlyWiki5
1
0
Fork 0
mirror of https://github.com/TiddlyWiki/TiddlyWiki5.git synced 2026-02-01 22:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add an option to enable CORS (#9277)

Browse Source 
* Add an option to disable CORS

* change 'disable' with 'enable' CORS, because that is what this option actually does

* add a change note

* typo
This commit is contained in:
KiXaM_刻む
2026-01-25 17:04:16 +01:00
committed by GitHub
parent 75647eb623
commit a40ce29451
2 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
core-server/server/server.js
View File

@@ -42,6 +42,8 @@ function Server(options) {
} }
// Setup the default required plugins // Setup the default required plugins
this.requiredPlugins = this.get("required-plugins").split(','); this.requiredPlugins = this.get("required-plugins").split(',');
// Initialise CORS
this.corsEnable = this.get("cors-enable") === "yes";
// Initialise CSRF // Initialise CSRF
this.csrfDisable = this.get("csrf-disable") === "yes"; this.csrfDisable = this.get("csrf-disable") === "yes";
// Initialize Gzip compression // Initialize Gzip compression
@@ -261,6 +263,13 @@ Server.prototype.requestHandler = function(request,response,options) {
state.urlInfo = url.parse(request.url); state.urlInfo = url.parse(request.url);
state.queryParameters = querystring.parse(state.urlInfo.query); state.queryParameters = querystring.parse(state.urlInfo.query);
state.pathPrefix = options.pathPrefix || this.get("path-prefix") || ""; state.pathPrefix = options.pathPrefix || this.get("path-prefix") || "";
// Enable CORS
if(this.corsEnable) {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Headers", "*");
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Expose-Headers", "*");
}
state.sendResponse = sendResponse.bind(self,request,response); state.sendResponse = sendResponse.bind(self,request,response);
// Get the principals authorized to access this resource // Get the principals authorized to access this resource
state.authorizationType = options.authorizationType || this.methodMappings[request.method] || "readers"; state.authorizationType = options.authorizationType || this.methodMappings[request.method] || "readers";
@@ -285,6 +294,12 @@ Server.prototype.requestHandler = function(request,response,options) {
response.end(); response.end();
return; return;
} }
// Reply to OPTIONS
if(this.corsEnable && request.method === "OPTIONS") {
response.writeHead(204);
response.end();
return;
}
// Find the route that matches this path // Find the route that matches this path
var route = self.findMatchingRoute(request,state); var route = self.findMatchingRoute(request,state);
// Optionally output debug info // Optionally output debug info

10
editions/tw5.com/tiddlers/releasenotes/5.4.0/#9277.tid Normal file
View File

@@ -0,0 +1,10 @@
title: $:/changenotes/5.4.0/#9277
description: Added an option to enable CORS
release: 5.4.0
tags: $:/tags/ChangeNote
change-type: feature
change-category: developer
github-links: https://github.com/TiddlyWiki/TiddlyWiki5/pull/9277
github-contributors: kixam
Added an option to the TiddlyWiki5 server to enable CORS (ie. don't check `same-origin`). It is meant for advanced users, do not use it unless you understand the full consequences.