Skip to content

Commit

Permalink
Merge pull request #242 from bcgov/sec/corp
Browse files Browse the repository at this point in the history 
Modify getObject CORP header to use cross-origin policy
  • Loading branch information
@TimCsaky
TimCsaky authored Jan 15, 2024
2 parents 668398e + dc254b9 commit 0f15e7a
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion app/src/routes/v1/object.js
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
const router = require('express').Router();
const helmet = require('helmet');

const { Permissions } = require('../../components/constants');
const { objectController, syncController } = require('../../controllers');
Expand Down Expand Up @@ -37,7 +38,8 @@ router.head('/:objectId', objectValidator.headObject, currentObject, hasPermissi
);

/** Returns the object */
router.get('/:objectId', objectValidator.readObject, currentObject, hasPermission(Permissions.READ),
router.get('/:objectId', helmet({ crossOriginResourcePolicy: { policy: 'cross-origin' } }),
objectValidator.readObject, currentObject, hasPermission(Permissions.READ),
(req, res, next) => {
// TODO: Add validation to reject unexpected query parameters
objectController.readObject(req, res, next);
Expand Down

0 comments on commit 0f15e7a

Please sign in to comment.