File tree 2 files changed +12
-9
lines changed
2 files changed +12
-9
lines changed Original file line number Diff line number Diff line change @@ -80,6 +80,7 @@ export interface UserProvidedArgs extends UserProvidedCodeArgs {
8080 "bind-addr" ?: string
8181 socket ?: string
8282 "socket-mode" ?: string
83+ "trusted-origins" ?: string [ ]
8384 version ?: boolean
8485 "proxy-domain" ?: string [ ]
8586 "reuse-window" ?: boolean
@@ -165,12 +166,6 @@ export const options: Options<Required<UserProvidedArgs>> = {
165166 "session-socket" : {
166167 type : "string" ,
167168 } ,
168- "disable-authenticate-origin" : {
169- type : "boolean" ,
170- description :
171- "Disable check that the origin of the request is the same as the host. Notice that this disables a safety feature. \n" +
172- "(Useful when using a reverse proxy)" ,
173- } ,
174169 "disable-file-downloads" : {
175170 type : "boolean" ,
176171 description :
@@ -215,6 +210,11 @@ export const options: Options<Required<UserProvidedArgs>> = {
215210
216211 socket : { type : "string" , path : true , description : "Path to a socket (bind-addr will be ignored)." } ,
217212 "socket-mode" : { type : "string" , description : "File mode of the socket." } ,
213+ "trusted-origins" : {
214+ type : "string[]" ,
215+ description :
216+ "Disables authenticate origin check for trusted origin. Useful if not able to access reverse proxy configuration." ,
217+ } ,
218218 version : { type : "boolean" , short : "v" , description : "Display version information." } ,
219219 _ : { type : "string[]" } ,
220220
Original file line number Diff line number Diff line change @@ -327,9 +327,7 @@ function getFirstHeader(req: http.IncomingMessage, headerName: string): string |
327327 */
328328export function ensureOrigin ( req : express . Request , _ ?: express . Response , next ?: express . NextFunction ) : void {
329329 try {
330- if ( ! req . args [ "disable-authenticate-origin" ] ) {
331- authenticateOrigin ( req )
332- }
330+ authenticateOrigin ( req )
333331 if ( next ) {
334332 next ( )
335333 }
@@ -357,6 +355,11 @@ export function authenticateOrigin(req: express.Request): void {
357355 throw new Error ( `unable to parse malformed origin "${ originRaw } )
358356 }
359357
358+ const trustedOrigins = req . args [ "trusted-origins" ] || [ ]
359+ if ( trustedOrigins . includes ( origin ) || trustedOrigins . includes ( "*" ) ) {
360+ return
361+ }
362+
360363 const host = getHost ( req )
361364 if ( typeof host === "undefined" ) {
362365 // A missing host likely means the reverse proxy has not been configured to
You can’t perform that action at this time.
0 commit comments