nodebb/src/middleware/headers.js

'use strict';

var os = require('os');

var meta = require('../meta');

module.exports = function (middleware) {
	middleware.addHeaders = function (req, res, next) {
		var headers = {
			'X-Powered-By': encodeURI(meta.config['powered-by'] || 'NodeBB'),
			'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',
			'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''),
			'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || ''),
		};

		if (meta.config['access-control-allow-origin']) {
			var origins = meta.config['access-control-allow-origin'].split(',');
			origins = origins.map(function (origin) {
				return origin && origin.trim();
			});

			if (origins.includes(req.get('origin'))) {
				headers['Access-Control-Allow-Origin'] = encodeURI(req.get('origin'));
			}
		}

		if (meta.config['access-control-allow-credentials']) {
			headers['Access-Control-Allow-Credentials'] = meta.config['access-control-allow-credentials'];
		}

		if (process.env.NODE_ENV === 'development') {
			headers['X-Upstream-Hostname'] = os.hostname();
		}

		for (var key in headers) {
			if (headers.hasOwnProperty(key) && headers[key]) {
				res.setHeader(key, headers[key]);
			}
		}

		next();
	};
};
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago			`'use strict';`

appending X-Upstream-Hostname header in dev mode 7 years ago			`var os = require('os');`

encodeURIComponent header values 8 years ago			`var meta = require('../meta');`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago
Fix space-before-function-paren linter rule 8 years ago			`module.exports = function (middleware) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago			`middleware.addHeaders = function (req, res, next) {`
			`var headers = {`
fix headers for new installs encodeURI(undefined) === "undefined" 8 years ago			`'X-Powered-By': encodeURI(meta.config['powered-by'] \|\| 'NodeBB'),`
			`'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',`
			`'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] \|\| ''),`
ESlint comma-dangle 8 years ago			`'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] \|\| ''),`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago			`};`

closes #5574 8 years ago			`if (meta.config['access-control-allow-origin']) {`
allow multiple origins for access-control-allow-origin header add access-control-allow-credentials header to acp 7 years ago			`var origins = meta.config['access-control-allow-origin'].split(',');`
			`origins = origins.map(function (origin) {`
			`return origin && origin.trim();`
			`});`

			`if (origins.includes(req.get('origin'))) {`
			`headers['Access-Control-Allow-Origin'] = encodeURI(req.get('origin'));`
			`}`
			`}`

			`if (meta.config['access-control-allow-credentials']) {`
			`headers['Access-Control-Allow-Credentials'] = meta.config['access-control-allow-credentials'];`
closes #5574 8 years ago			`}`

appending X-Upstream-Hostname header in dev mode 7 years ago			`if (process.env.NODE_ENV === 'development') {`
			`headers['X-Upstream-Hostname'] = os.hostname();`
			`}`

encodeURIComponent header values 8 years ago			`for (var key in headers) {`
fix headers for new installs encodeURI(undefined) === "undefined" 8 years ago			`if (headers.hasOwnProperty(key) && headers[key]) {`
fixes #5230 8 years ago			`res.setHeader(key, headers[key]);`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 9 years ago			`}`
			`}`

			`next();`
			`};`
			`};`