Commit

fix: change CORS to allow origin app://-
The origin of the Electron app depends on how we run the app.
 - via `npm start` -> origin is http://localhost:3000
 - packaged -> origin is app://-

In this commit, I am changing our CORS header to be either
`http://localhost:3000` or `app://-`, depending on what
the client sends in the request header "Origin".

Signed-off-by: Miroslav Bajtoš <oss@bajtos.net>
bajtos committed Nov 9, 2023
1 parent 40278b5 commit dda91d2
Showing 2 changed files with 22 additions and 3 deletions.
2 changes: 1 addition & 1 deletion bin/station-wallet-screening.js
Expand Up @@ -26,7 +26,7 @@ Sentry.init({
tracesSampleRate: 0.1
})

assert(CHAINALYSIS_API_KEY)
assert(CHAINALYSIS_API_KEY, 'CHAINALYSIS_API_KEY must be set via env vars')

const server = http.createServer(createHandler({
apiKey: CHAINALYSIS_API_KEY
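
Review bot: The new message on `assert(CHAINALYSIS_API_KEY, 'CHAINALYSIS_API_KEY must be set via env vars')` is unrelated to the CORS change the commit message describes; either mention it in the commit message or split it into its own commit so the history stays searchable. Note too that the assertion only checks truthiness, so a whitespace-only value would pass startup and fail later on the first upstream request; trimming the value before the assert would catch that at boot.
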
23 changes: 21 additions & 2 deletions index.js
Expand Up @@ -2,9 +2,28 @@ import { STATUS_CODES } from 'node:http'
import assert from 'node:assert'
import Sentry from '@sentry/node'

/**
*
* @param {import('node:http').IncomingMessage} req
* @param {import('node:http').ServerResponse} res
* @param {string} apiKey
* @param {typeof fetch} fetch
*/
const handler = async (req, res, apiKey, fetch) => {
// The origin is the electron app, which always has this address.
res.setHeader('Access-Control-Allow-Origin', 'http://localhost:3000')
// The origin is the electron app. The origin depends on how we run the app.
// - via `npm start` -> origin is http://localhost:3000
// - packaged -> origin is app://-
// Unfortunately, Access-Control-Allow-Origin supports only a single value (single origin)
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
// > Only a single origin can be specified. If the server supports clients from multiple origins,
// > it must return the origin for the specific client making the request.
console.log('origin:', req.headers.origin)
if (req.headers.origin === 'http://localhost:3000') {
res.setHeader('Access-Control-Allow-Origin', 'http://localhost:3000')
} else {
res.setHeader('Access-Control-Allow-Origin', 'app://-')
}

const address = req.url.split('/')[1].trim()
const fetchRes = await fetch(
`https://public.chainalysis.com/api/v1/address/${address}`,
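
Review bot: The `Access-Control-Allow-Origin` value now depends on the request's `Origin` header (the `if (req.headers.origin === 'http://localhost:3000')` branch), but the response sets no `Vary: Origin`, so any cache between client and server can replay a response carrying the other origin's value and the browser will then reject it. Suggest adding `res.setHeader('Vary', 'Origin')` next to the two `setHeader` calls. Separately, `console.log('origin:', req.headers.origin)` looks like leftover debugging: it writes a client-controlled header value to the log on every request, so drop it or move it behind a debug-level logger. Choosing between two fixed values rather than echoing `req.headers.origin` back is the right shape; keep that allow-list comparison if more origins are added later. Minor: the JSDoc block opens with an empty `*` line where a one-line description of the handler would fit.
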
