Bump @koa/cors to v5

- avoid a npm vulnerability using oidc-provider
TransitApp · Jun 18, 2024 · 7fd6aa9 · 7fd6aa9
1 parent 523d587
commit 7fd6aa9
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 12 deletions.
diff --git a/lib/shared/cors.js b/lib/shared/cors.js
@@ -20,7 +20,13 @@ function checkClientCORS(ctx, client) {
 }
 
 module.exports = ({ clientBased = false, ...options }) => {
-  const builtin = cors({ keepHeadersOnError: false, ...options });
+  const builtin = cors({
+    keepHeadersOnError: false,
+    origin(ctx) {
+      return ctx.get('Origin') || '*';
+    },
+    ...options,
+  });
 
   return async (ctx, next) => {
     const headers = Object.keys(ctx.response.headers);

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -55,10 +55,10 @@
     "test": "node ./test/run"
   },
   "dependencies": {
-    "@koa/cors": "^3.3.0",
+    "@koa/cors": "^5.0.0",
     "cacheable-lookup": "^6.0.4",
     "debug": "^4.3.4",
-    "ejs": "^3.1.8",
+    "ejs": "^3.1.10",
     "got": "^11.8.5",
     "jose": "^4.10.3",
     "jsesc": "^3.0.2",