Allow CORS for suggestions on https://shields.io

Issue raised here: https://twitter.com/igoradamenko_/status/818095292146941952
2017-01-08 16:36:32 +01:00 · 2017-01-08 16:36:32 +01:00 · 9816a5010f
commit 9816a5010f
parent 78494dd6ff
1 changed files with 8 additions and 1 deletions
--- a/suggest.js
+++ b/suggest.js
@ -14,7 +14,14 @@ try {
 //    - badge: shields image URL.
 //    - name: string
 var suggest = function(data, end, ask) {
-  ask.res.setHeader('Access-Control-Allow-Origin', 'http://shields.io');
+  var origin = ask.req.headers['origin'];
+  if (/^https?:\/\/shields\.io$/.test(origin)) {
+    ask.res.setHeader('Access-Control-Allow-Origin', origin);
+  } else {
+    ask.res.setHeader('Access-Control-Allow-Origin', 'null');
+    end({err:'Disallowed'});
+    return;
+  }
  try {
    var url = nodeUrl.parse(data.url);
  } catch(e) { end({err:''+e}); return; }