diff --git a/src/node/cli.ts b/src/node/cli.ts index 37ff3628b2d8..3f3c8086d033 100644 --- a/src/node/cli.ts +++ b/src/node/cli.ts @@ -79,6 +79,7 @@ export interface UserProvidedArgs extends UserProvidedCodeArgs { "bind-addr"?: string socket?: string "socket-mode"?: string + "trusted-origins"?: string[] version?: boolean "proxy-domain"?: string[] "reuse-window"?: boolean @@ -208,6 +209,11 @@ export const options: Options> = { socket: { type: "string", path: true, description: "Path to a socket (bind-addr will be ignored)." }, "socket-mode": { type: "string", description: "File mode of the socket." }, + "trusted-origins": { + type: "string[]", + description: + "Disables authenticate origin check for trusted origin. Useful if not able to access reverse proxy configuration.", + }, version: { type: "boolean", short: "v", description: "Display version information." }, _: { type: "string[]" }, diff --git a/src/node/http.ts b/src/node/http.ts index 1885fef562fa..4158f0b81dc9 100644 --- a/src/node/http.ts +++ b/src/node/http.ts @@ -355,6 +355,11 @@ export function authenticateOrigin(req: express.Request): void { throw new Error(`unable to parse malformed origin "${originRaw}"`) } + const trustedOrigins = req.args["trusted-origins"] || [] + if (trustedOrigins.includes(origin) || trustedOrigins.includes("*")) { + return + } + const host = getHost(req) if (typeof host === "undefined") { // A missing host likely means the reverse proxy has not been configured to diff --git a/test/unit/node/http.test.ts b/test/unit/node/http.test.ts index 59a09dc87eb1..d15633a28329 100644 --- a/test/unit/node/http.test.ts +++ b/test/unit/node/http.test.ts @@ -70,6 +70,7 @@ describe("http", () => { origin: test.origin, [key]: value, }, + args: {}, }) if (typeof test.expected === "string") { expect(() => http.authenticateOrigin(req)).toThrow(test.expected)