From be8abab3011360e44d51e9cf281f1efc22a48d18 Mon Sep 17 00:00:00 2001 From: Mike Fix Date: Wed, 5 Dec 2018 16:53:08 -0800 Subject: [PATCH] add improved CORs filter --- api/server.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/api/server.js b/api/server.js index c3cb40c..98159e8 100644 --- a/api/server.js +++ b/api/server.js @@ -42,7 +42,15 @@ puppeteer.launch(puppeteerParams).then(browser => { server.use(morgan('tiny')) } - server.use(cors()) + server.use( + cors({ + origin(origin, callback) { + return origin === 'https://carbon.now.sh' || !origin + ? callback(null, true) + : callback(new Error('Not allowed by CORS')) + } + }) + ) server.use(compression())