Skip to content

[FIX] CORS error while interacting with any action button on Livechat #22121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
murtaza98 wants to merge 4 commits into from
Closed

[FIX] CORS error while interacting with any action button on Livechat #22121

Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
73021d1
[FIX] CORS error while interacting with any action button on Livechat
murtaza98 May 24, 2021
c5968d2
remove unnecessary condition check
murtaza98 May 24, 2021
2ccefb1
Remove unwanted brackets
murtaza98 May 24, 2021
131cd2c
Fix CORS disable not working
murtaza98 May 25, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions app/apps/server/communication/uikit.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import express from 'express';
import cors from 'cors';
import rateLimit from 'express-rate-limit';
import { Meteor } from 'meteor/meteor';
import { WebApp } from 'meteor/webapp';
Expand All @@ -14,6 +15,25 @@ const apiServer = express();

apiServer.disable('x-powered-by');

let corsEnabled = false;
let allowListOrigins = [];

settings.get('API_Enable_CORS', (_, value) => { corsEnabled = value; });
Comment thread
KevLehman marked this conversation as resolved.

settings.get('API_CORS_Origin', (_, value) => {
allowListOrigins = value ? value.trim().split(',').map((origin) => String(origin).trim().toLocaleLowerCase()) : [];
});

apiServer.use(cors({
origin: (origin, callback) => {
if (!origin || !corsEnabled || (allowListOrigins.includes('*') || allowListOrigins.includes(origin)) || origin === settings.get('Site_Url')) {
callback(null, true);
} else {
callback('Not allowed by CORS', false);
}
},
}));

WebApp.connectHandlers.use(apiServer);
Comment thread
KevLehman marked this conversation as resolved.

// eslint-disable-next-line new-cap
Expand Down