From 07955daa1ca9d1e17cb3664099438d1c1517eed9 Mon Sep 17 00:00:00 2001
From: Yiran Lu
Date: Tue, 15 Apr 2025 23:13:34 +0200
Subject: [PATCH 1/3] Allow setting CORS headers
---
 src/app.ts | 12 ++++++++++++
 src/services/config.ts | 14 +++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/app.ts b/src/app.ts
index 326c15efd..19eea047d 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -7,6 +7,7 @@ import compression from "compression";
 import { fileURLToPath } from "url";
 import { dirname } from "path";
 import sessionParser from "./routes/session_parser.js";
+import config from "./services/config.js";
 import utils from "./services/utils.js";
 import assets from "./routes/assets.js";
 import routes from "./routes/routes.js";
@@ -33,6 +34,17 @@ app.set("views", path.join(scriptDir, "views"));
 app.set("view engine", "ejs");
 app.use((req, res, next) => {
+ // set CORS header
+ if (config["Network"]["corsAllowOrigin"].length > 0) {
+ res.header("Access-Control-Allow-Origin", config["Network"]["corsAllowOrigin"]);
+ }
+ if (config["Network"]["corsAllowMethods"].length > 0) {
+ res.header("Access-Control-Allow-Methods", config["Network"]["corsAllowMethods"]);
+ }
+ if (config["Network"]["corsAllowHeaders"].length > 0) {
+ res.header("Access-Control-Allow-Headers", config["Network"]["corsAllowHeaders"]);
+ }
+
 res.locals.t = t;
 return next();
 });
diff --git a/src/services/config.ts b/src/services/config.ts
index eda656a79..5ef95aad0 100644
--- a/src/services/config.ts
+++ b/src/services/config.ts
@@ -29,6 +29,9 @@ export interface TriliumConfig {
 certPath: string;
 keyPath: string;
 trustedReverseProxy: boolean | string;
+ corsAllowOrigin: string;
+ corsAllowMethods: string;
+ corsAllowHeaders: string;
 };
 Session: {
 cookieMaxAge: number;
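Review bot: The three `Access-Control-Allow-*` headers added in the `app.use` callback of src/app.ts are sent on every request that reaches this middleware, whether it is for a page, the login flow or the API, and the configured string is passed through with no check on its value. The sample config later on this page shows `corsAllowOrigin='*'`; with a wildcard origin, any website open in the user's browser can read responses from routes that do not demand a credential, which matters for instances bound to localhost or an intranet. I would mount the middleware only on the route prefix that needs cross-origin access and add a comment such as `// CORS headers apply to every response below this point; set corsAllowOrigin to one trusted origin, not "*"`. The callback also never answers `OPTIONS` itself, so whether a browser preflight succeeds depends on routes outside this hunk.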
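Review bot: The three `string` fields added to `Network` in `TriliumConfig` (src/services/config.ts, first hunk) have no comment stating their contract, namely that the value goes into the response header unchanged and that an empty string means the header is not set. A one-line TSDoc on each would put that at the type, for example `/** Sent verbatim as Access-Control-Allow-Origin; empty string leaves the header unset. */` above `corsAllowOrigin`. The interface starts before this hunk and continues after it.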
@@ -79,7 +82,16 @@ const config: TriliumConfig = {
 process.env.TRILIUM_NETWORK_KEYPATH || iniConfig.Network.keyPath || "",
 trustedReverseProxy:
- process.env.TRILIUM_NETWORK_TRUSTEDREVERSEPROXY || iniConfig.Network.trustedReverseProxy || false
+ process.env.TRILIUM_NETWORK_TRUSTEDREVERSEPROXY || iniConfig.Network.trustedReverseProxy || false,
+
+ corsAllowOrigin:
+ process.env.TRILIUM_CORS_ALLOW_ORIGIN || iniConfig.Network.corsAllowOrigin || "",
+
+ corsAllowMethods:
+ process.env.TRILIUM_CORS_ALLOW_METHODS || iniConfig.Network.corsAllowMethods || "",
+
+ corsAllowHeaders:
+ process.env.TRILIUM_CORS_ALLOW_HEADERS || iniConfig.Network.corsAllowHeaders || ""
 },
 Session: {
From 402d84e9ee315803fce96bff671c544756d77781 Mon Sep 17 00:00:00 2001
From: Yiran Lu
Date: Wed, 16 Apr 2025 01:01:11 +0200
Subject: [PATCH 2/3] change to more logical environment variable name
---
 src/app.ts | 6 +++---
 src/services/config.ts | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/app.ts b/src/app.ts
index 19eea047d..58dfaa4ce 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -35,13 +35,13 @@ app.set("view engine", "ejs");
 app.use((req, res, next) => {
 // set CORS header
- if (config["Network"]["corsAllowOrigin"].length > 0) {
+ if (config["Network"]["corsAllowOrigin"]) {
 res.header("Access-Control-Allow-Origin", config["Network"]["corsAllowOrigin"]);
 }
- if (config["Network"]["corsAllowMethods"].length > 0) {
+ if (config["Network"]["corsAllowMethods"]) {
 res.header("Access-Control-Allow-Methods", config["Network"]["corsAllowMethods"]);
 }
- if (config["Network"]["corsAllowHeaders"].length > 0) {
+ if (config["Network"]["corsAllowHeaders"]) {
 res.header("Access-Control-Allow-Headers", config["Network"]["corsAllowHeaders"]);
 }
diff --git a/src/services/config.ts b/src/services/config.ts
index 5ef95aad0..1d7cc9dec 100644
--- a/src/services/config.ts
+++ b/src/services/config.ts
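Review bot: The three CORS values added to the `Network` block of the `config` object (the `-79,7 +82,16` hunk of src/services/config.ts) are stored exactly as read from the environment or the ini file, and src/app.ts later writes them into response headers unchanged. Stray whitespace or quotes left in an environment variable would be sent as part of the header and would fail the browser's origin comparison with no error logged. Normalising once at load keeps the failure visible here rather than per request, for example by wrapping each expression as `(<env value> || iniConfig.Network.corsAllowOrigin || "").trim()`. It would also help to reject, at startup, an origin that is neither empty nor a single scheme-and-host value. The `config` object literal starts before this hunk and continues after it.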
@@ -85,13 +85,13 @@ const config: TriliumConfig = {
 process.env.TRILIUM_NETWORK_TRUSTEDREVERSEPROXY || iniConfig.Network.trustedReverseProxy || false,
 corsAllowOrigin:
- process.env.TRILIUM_CORS_ALLOW_ORIGIN || iniConfig.Network.corsAllowOrigin || "",
+ process.env.TRILIUM_NETWORK_CORS_ALLOW_ORIGIN || iniConfig.Network.corsAllowOrigin || "",
 corsAllowMethods:
- process.env.TRILIUM_CORS_ALLOW_METHODS || iniConfig.Network.corsAllowMethods || "",
+ process.env.TRILIUM_NETWORK_CORS_ALLOW_METHODS || iniConfig.Network.corsAllowMethods || "",
 corsAllowHeaders:
- process.env.TRILIUM_CORS_ALLOW_HEADERS || iniConfig.Network.corsAllowHeaders || ""
+ process.env.TRILIUM_NETWORK_CORS_ALLOW_HEADERS || iniConfig.Network.corsAllowHeaders || ""
 },
 Session: {
From e6ccd88abb352fc9193c1f084080f1f7251a2766 Mon Sep 17 00:00:00 2001
From: Yiran Lu
Date: Wed, 16 Apr 2025 01:08:17 +0200
Subject: [PATCH 3/3] add CORS settings in config-sample.ini
---
 config-sample.ini | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/config-sample.ini b/config-sample.ini
index 83f10c4f7..f89790163 100644
--- a/config-sample.ini
+++ b/config-sample.ini
@@ -25,6 +25,11 @@ keyPath=
 # expressjs shortcuts are supported: loopback(127.0.0.1/8, ::1/128), linklocal(169.254.0.0/16, fe80::/10), uniquelocal(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)
 trustedReverseProxy=false
+# setting the CORS headers for cross-origin requests
+# corsAllowOrigin='*'
+# corsAllowMethods='GET,POST,PUT,DELETE,PATCH'
+# corsAllowHeaders='Content-Type,Authorization'
+
 [Session]
 # Use this setting to set a custom value for the "Max-Age" Attribute of the session cookie.