WIP: Print CSS improvements #856

Draft
wants to merge 13 commits into
base: main
feat(cors): always allow requests from localhost (#857)
The new dynamic regex matcher prevents requests proxied from localhost.

There is no real reason why we should prevent localhost requests, similar to requests from CLI tools like curl.
hdahlheim authored and jstcki committed Jun 5, 2024
commit a33c6f71eca62c5e6707c8dfd6092b01bccb121a
3 changes: 3 additions & 0 deletions packages/backend-modules/base/__tests__/corsRegex.u.jest.js
Expand Up @@ -31,6 +31,9 @@ const corsList = [
]

const expectedToPass = [
'http://localhost',
'http://localhost:3010',
'https://localhost:3010',
'http://republik.test',
'http://www.republik.test',
'http://api.republik.test',
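Review bot: The three entries added to `expectedToPass` exercise only the accepting path and only the `localhost` hostname, so nothing in this test pins down what the localhost exception must reject. Add cases for the `127.0.0.1` and `::1` alternatives of the pattern in corsRegex.js, and add origins that merely begin with a local-looking prefix, such as `http://localhost.example.com`, to whatever set this file asserts must be refused. Without a rejecting case the suite stays green even if the exception matches a prefix of the origin instead of the whole origin.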
12 changes: 11 additions & 1 deletion packages/backend-modules/base/lib/corsRegex.js
Expand Up @@ -7,14 +7,24 @@ function wildcardToRegex(pattern) {
return new RegExp(`^${escapedPattern}$`)
}

const LOCALHOST_ORIGIN =
/https?:\/\/(?:localhost|127\.0\.0\.1|::1)(?::\d{1,5})?/

function createCORSMatcher(allowedOrigins) {
const regexPatterns = allowedOrigins.map(wildcardToRegex)

return (origin, callback) => {
if (!origin) {
// Allow non-origin requests (like mobile apps, curl requests, etc.)
debug(`allowing non web request`)
// Allow non-origin requests (like mobile apps, curl requests, etc.) and request from localhost
return callback(null, true)
}
if (LOCALHOST_ORIGIN.test(origin)) {
debug(`allowing request from local origin [${origin}]`)
// Allow non-origin requests (like mobile apps, curl requests, etc.) and request from localhost
return callback(null, true)
}

debug(
`checking [${origin}] against CORS allow list ${JSON.stringify(
regexPatterns.map((r) => r.toString()),
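Review bot: `LOCALHOST_ORIGIN` has no `^` or `$` anchors, so `LOCALHOST_ORIGIN.test(origin)` succeeds for any origin that contains a local-looking substring, for example `http://localhost.example.com`, and returns `callback(null, true)` before the allow list is consulted. `wildcardToRegex` in the same file builds its patterns as `^${escapedPattern}$`; the new constant should be anchored the same way. Separately, the `::1` alternative cannot match a browser-sent Origin, which serializes IPv6 hosts in brackets (`http://[::1]`), so it should be written as `\[::1\]` or dropped. The comment inside the new `if` block is a copy of the non-origin one and describes the wrong branch, and the `!origin` block now carries that comment twice. Since this exception applies unconditionally, consider gating it behind a development-only setting so production deployments keep relying on the allow list alone.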