diff options
| -rw-r--r-- | server.js | 14 |
1 files changed, 5 insertions, 9 deletions
@@ -35,16 +35,12 @@ app.use( app.use( cors({ origin: function (origin, callback) { - // allow requests with no origin - // (like mobile apps or curl requests) - if (!origin) return callback(null, true); - if (allowedOrigins.indexOf(origin) === -1) { - var msg = - "The CORS policy for this site does not " + - "allow access from the specified Origin."; - return callback(new Error(msg), false); + // Block everything except the allowed origins + if (allowedOrigins.indexOf(origin) !== -1) { + callback(null, true); + } else { + callback(new Error("Not allowed by CORS")); } - return callback(null, true); }, }) ); |