Accept a list of device hosts for CORS whitelist (#59)

getumbrel · Sep 6, 2020 · a1a26c4 · a1a26c4
1 parent ec488fe
commit a1a26c4
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 42 deletions.
diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@ Set the following environment variables directly or by placing them in `.env` fi
 | Variable | Description | Default |
 | ------------- | ------------- | ------------- |
 | `PORT` | Port where middleware should listen for requests | `3005` |
-| `DEVICE_HOST` | IP or domain from where [`umbrel-dashboard`](https://github.com/getumbrel/umbrel-dashboard) will request | `http://umbrel.local` |
+| `DEVICE_HOSTS` | Comma separated list of IPs or domain names to whitelist for CORS | `http://umbrel.local` |
 | `BITCOIN_HOST` | IP or domain where `bitcoind` RPC is listening | `127.0.0.1` |
 | `RPC_USER` | `bitcoind` RPC username  |  |
 | `RPC_PASSWORD` | `bitcoind` RPC password |  |

diff --git a/app.js b/app.js
@@ -12,7 +12,6 @@ const cors = require('cors');
 // Keep requestCorrelationId middleware as the first middleware. Otherwise we risk losing logs.
 const requestCorrelationMiddleware = require('middlewares/requestCorrelationId.js'); // eslint-disable-line id-length
 const camelCaseReqMiddleware = require('middlewares/camelCaseRequest.js').camelCaseRequest;
-const onionOriginMiddleware = require('middlewares/onionOrigin.js');
 const corsOptions = require('middlewares/cors.js').corsOptions;
 const errorHandleMiddleware = require('middlewares/errorHandling.js');
 require('middlewares/auth.js');
@@ -31,10 +30,7 @@ const pages = require('routes/v1/pages.js');
 const ping = require('routes/ping.js');
 const app = express();
 
-// Handle Cors for Tor Browser 9.0.0 bug and options requests
-app.use(onionOriginMiddleware);
-
-// Handles Cors for normal requests
+// Handles CORS
 app.use(cors(corsOptions));
 
 app.use(bodyParser.json());

diff --git a/middlewares/cors.js b/middlewares/cors.js
@@ -5,14 +5,9 @@ const corsOptions = {
       'http://localhost:8080',
       'http://localhost',
       'http://umbrel.local',
-      process.env.DEVICE_HOST,
+      ...process.env.DEVICE_HOSTS.split(",")
     ];
 
-    // Whitelist hidden service if exists.
-    if (process.env.UMBREL_HIDDEN_SERVICE) {
-      whitelist.push(process.env.UMBREL_HIDDEN_SERVICE);
-    }
-
     if (whitelist.indexOf(origin) !== -1 || !origin) {
       return callback(null, true);
     } else {

diff --git a/middlewares/onionOrigin.js b/middlewares/onionOrigin.js