security: remove duplicated code in CORS handling (!27297) · Merge requests · Warren Gifford / sourcegraph

Warren Gifford requested to merge sg/public-api-refactor-2 into main Nov 09, 2021

Created by: slimsag

Stacked on top of #27295

isTrustedOrigin is a defined function which checks whether or not a request comes from a trusted origin or not, but prior to this change we had the same exact logic duplicated in our CORS handling method in order to determine if we should send Access-Control-Allow-Origin back to the client with the origin the request came from.

Much clearer to reuse the same code, and reduces the surface area that bugs could arise in.

Signed-off-by: Stephen Gutekanst [email protected]

security: remove duplicated code in CORS handling

Merge request reports