Skip to content

Commit dc397b4

Browse files
authored
add cors origin
1 parent 8bb1759 commit dc397b4

1 file changed

Lines changed: 14 additions & 0 deletions

File tree

app.js

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,20 @@ const axios = require('axios');
55
const app = express();
66

77
app.get('/camera', async (req, res) => {
8+
const origin = req.get('origin') || req.get('referer') || '';
9+
const allowedDomain = 'eplus.dev';
10+
11+
try {
12+
const url = new URL(origin);
13+
const hostname = url.hostname;
14+
15+
if (hostname !== allowedDomain && !hostname.endsWith(`.${allowedDomain}`)) {
16+
return res.status(403).send('Access denied');
17+
}
18+
} catch (e) {
19+
return res.status(403).send('Invalid origin');
20+
}
21+
822
const { id, bg = 'black' } = req.query;
923

1024
if (!id) return res.status(400).send('Missing camera id');

0 commit comments

Comments
 (0)