Add new 'ACKEE_AUTO_FQDN_ORIGIN' method of adding CORS Headers #271
Conversation
Previously there were two builtin methods of adding CORS headers to ACKEE: One could either set a wildcard header (`ACKEE_ALLOW_ORIGIN=*`) or set a concrete list of domains (`ACKEE_ALLOW_ORIGIN=domain1.example.com,domain2.example.com`). However these became very annoying to configure when working with more than a couple of domains. This commit proposes adding a new method 'ACKEE_AUTO_FQDN_ORIGIN' to figure out which domains to add CORS Headers for. Instead of hard-coding the domains, this mode instead determines them from the list of tracking domains. Conretely, each domain in the domain list that has a fully qualified domain name as a title is treated as a valid domain to add a CORS header for. The implementation is achieved by means of a new 'domainFqNames.js' utility, which uses the 'is-valid-domain' npm package to filter the list of domains. Additionally the 'findMatchingOrigin.js' utility is modified to make use of the above. A second equivalent implementation is added to 'serverless.js'. This commit also adds a test for the new functionality, although this does not test the serverless implementation.
|
Someone is attempting to deploy a commit to a Personal Account owned by @electerious on Vercel. @electerious first needs to authorize it. |
|
As I already mentioned in #159 I would appreciate such a feature as it's very cumbersome to manually ssh into my server and add the domain to the env variable I also think the way this PR implements it is great as it works around the limitation mentioned in #159 (comment). |
|
This looks great! I just don't have the time to review and test the PR, but I will keep it on my list when I'm back working on Ackee. Thanks for the work! |
|
Any updates on merging or not merging this? |
|
This would be very nice to have, currently I'm entering all the cors domains by hand, which is really annoying |
|
Same, @electerious anything I can do to help get this merged? |
|
Merged! Thanks a lot for your work. The option is now called |
Previously there were two builtin methods of adding CORS headers to ACKEE:
ACKEE_ALLOW_ORIGIN=*); orACKEE_ALLOW_ORIGIN=domain1.example.com,domain2.example.com)However these become very annoying (either insecure or tedious) to configure when working with more than a couple of domains.
This commit proposes adding a new method 'ACKEE_AUTO_FQDN_ORIGIN' to figure out which domains to add CORS Headers for.
Instead of hard-coding the domains, this mode instead determines them from the list of tracking domains.
Concretely, each domain in the domain list that has a fully qualified domain name as a title is treated as a valid domain to add a CORS header for.
The implementation is achieved by means of a new 'domainFqNames.js' utility, which uses the 'is-valid-domain' npm package to filter the list of domains.
Additionally the 'findMatchingOrigin.js' utility is modified to make use of the above.
A second equivalent implementation is added to 'serverless.js'.
This commit also adds a test for the new functionality, although this does not test the serverless implementation.