fix: allow server-to-server requests to /health without CORS block
parent
8e9f232dba
commit
955da8899b
13
server.js
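--- a/server.js
+++ b/server.js
@@ -136,8 +136,21 @@ app.use((req, res, next) => {
 next();
 });
 
+// /health はサーバー間プロキシ経由で origin なしリクエストが来るため先に CORS * で通す
+app.use((req, res, next) => {
+if (req.path === '/brain/api/health' || req.path === '/api/health') {
+res.setHeader('Access-Control-Allow-Origin', '*');
+}
+next();
+});
+
 app.use(cors({
 origin: (origin, cb) => {
+if (!origin) {
+// origin なし = サーバー間リクエスト(curl / Node fetch 等)。/health のみ通過させる
+// それ以外のエンドポイントはCSRF対策で拒否
+return cb(null, false);
+}
 if (isAllowedOrigin(origin)) cb(null, true);
 else cb(new Error('CORS not allowed'));
 },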
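Review bot: The `if (!origin)` branch in the `origin` callback applies to every route, not only the two health paths, and `cb(null, false)` rejects nothing: assuming `cors` here is the npm middleware, a false result only omits the CORS headers and hands the request to the next handler. The comment stating that other endpoints are refused as a CSRF measure therefore describes behaviour the code does not have, and requests without an Origin header now reach every route behind this middleware. If only the health check should accept Origin-less callers, the path must be checked where `req` is available (the callback receives only the origin string), and the other routes need their own authentication or CSRF-token check, because CORS headers constrain browsers only. At minimum I would reword the comment to `// no Origin header: skip CORS headers and continue; this does not block the request`. The enclosing `cors({ ... })` call continues past the end of the hunk.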