Revert "deprecate ALLOWED_IFRAME_ORIGINS"

This reverts commit 9792f06691.
This commit is contained in:
gitmotion
2025-06-20 09:36:05 -07:00
parent 9792f06691
commit 683ee93036
4 changed files with 30 additions and 28 deletions

View File

@@ -9,13 +9,7 @@ PORT=3000
# You must update this to the url you use to access your site
BASE_URL=http://localhost:3000/
# Comma-separated list of allowed origins for CORS
# (default: '*' if empty, add your base_url if you want to restrict only to base_url)
# When adding multiple origins, base_url will be included by default
# ALLOWED_ORIGINS: http://internalip:port,https://subdomain.example.com
ALLOWED_ORIGINS=*
# Node environment (default: production)
# Node environment (default: development)
NODE_ENV=production
#########################################
@@ -68,4 +62,8 @@ APPRISE_SIZE_UNIT=Auto
#########################################
# Enable automatic upload on file selection (true/false, default: false)
AUTO_UPLOAD=false
AUTO_UPLOAD=false
# Comma-separated list of origins allowed to embed the app in an iframe (optional)
# ALLOWED_IFRAME_ORIGINS=https://example.com,https://another.com
ALLOWED_IFRAME_ORIGINS=

View File

@@ -15,14 +15,9 @@ services:
AUTO_UPLOAD: true # Upload without clicking button
BASE_URL: http://localhost:3000 # The base URL for the application, You must update this to the url you use to access your site
# Comma-separated list of allowed origins for CORS
# (default: '*' if empty, add your base_url if you want to restrict only to base_url)
# When adding multiple origins, base_url will be included by default
# ALLOWED_ORIGINS: http://internalip:port,https://subdomain.example.com
# Additional available environment variables (commented out with defaults)
# PORT: 3000 # Server port (default: 3000)
# NODE_ENV: production # Node environment (development/production) - when not using production ALLOWED_ORIGINS will be set to '*' by default
# NODE_ENV: production # Node environment (development/production)
# DEBUG: false # Debug mode for verbose logging (default: false in production, true in development)
# APPRISE_URL: "" # Apprise notification URL for upload notifications (default: none)
# APPRISE_MESSAGE: "New file uploaded - {filename} ({size}), Storage used {storage}" # Notification message template with placeholders: {filename}, {size}, {storage}

View File

@@ -1,5 +1,16 @@
require('dotenv').config();
console.log('Loaded ENV:', {
PORT: process.env.PORT,
UPLOAD_DIR: process.env.UPLOAD_DIR,
LOCAL_UPLOAD_DIR: process.env.LOCAL_UPLOAD_DIR,
NODE_ENV: process.env.NODE_ENV
});
console.log('Loaded ENV:', {
PORT: process.env.PORT,
UPLOAD_DIR: process.env.UPLOAD_DIR,
LOCAL_UPLOAD_DIR: process.env.LOCAL_UPLOAD_DIR,
NODE_ENV: process.env.NODE_ENV
});
const { validatePin } = require('../utils/security');
const logger = require('../utils/logger');
const fs = require('fs');
@@ -22,6 +33,7 @@ const { version } = require('../../package.json'); // Get version from package.j
* APPRISE_MESSAGE - Notification message template (default provided)
* APPRISE_SIZE_UNIT - Size unit for notifications (optional)
* ALLOWED_EXTENSIONS - Comma-separated list of allowed file extensions (optional)
* ALLOWED_IFRAME_ORIGINS - Comma-separated list of allowed iframe origins (optional)
*/
// Helper for clear configuration logging
@@ -31,20 +43,13 @@ const logConfig = (message, level = 'info') => {
};
// Default configurations
const DEFAULT_PORT = 3000;
const DEFAULT_CHUNK_SIZE = 1024 * 1024 * 100; // 100MB
const DEFAULT_SITE_TITLE = 'DumbDrop';
const NODE_ENV = process.env.NODE_ENV || 'production';
const PORT = process.env.PORT || 3000;
const BASE_URL = process.env.BASE_URL || `http://localhost:${PORT}`;
const DEFAULT_CLIENT_MAX_RETRIES = 5; // Default retry count
console.log('Loaded ENV:', {
PORT,
UPLOAD_DIR: process.env.UPLOAD_DIR,
LOCAL_UPLOAD_DIR: process.env.LOCAL_UPLOAD_DIR,
NODE_ENV,
BASE_URL,
ALLOWED_ORIGINS: process.env.ALLOWED_ORIGINS || '*',
});
const logAndReturn = (key, value, isDefault = false) => {
logConfig(`${key}: ${value}${isDefault ? ' (default)' : ''}`);
return value;
@@ -117,12 +122,12 @@ const config = {
* Port for the server (default: 3000)
* Set via PORT in .env
*/
port: process.env.PORT,
port: process.env.PORT || DEFAULT_PORT,
/**
* Node environment (default: 'development')
* Set via NODE_ENV in .env
*/
nodeEnv: process.env.NODE_ENV || 'production',
nodeEnv: process.env.NODE_ENV || 'development',
/**
* Base URL for the app (default: http://localhost:${PORT})
* Set via BASE_URL in .env
@@ -207,6 +212,10 @@ const config = {
process.env.ALLOWED_EXTENSIONS.split(',').map(ext => ext.trim().toLowerCase()) :
null,
allowedIframeOrigins: process.env.ALLOWED_IFRAME_ORIGINS
? process.env.ALLOWED_IFRAME_ORIGINS.split(',').map(origin => origin.trim()).filter(Boolean)
: null,
/**
* Max number of retries for client-side chunk uploads (default: 5)
* Set via CLIENT_MAX_RETRIES in .env
@@ -243,6 +252,7 @@ function validateConfig() {
// Validate BASE_URL format
try {
let url = new URL(config.baseUrl);
// Ensure BASE_URL ends with a slash
if (!config.baseUrl.endsWith('/')) {
logger.warn('BASE_URL did not end with a trailing slash. Automatically appending "/".');

View File

@@ -3,8 +3,7 @@ const NODE_ENV = process.env.NODE_ENV || 'production';
let allowedOrigins = [];
function setupOrigins(baseUrl) {
const normalizedBaseUrl = normalizeOrigin(baseUrl);
allowedOrigins = [ normalizedBaseUrl ];
allowedOrigins = [ baseUrl ];
if (NODE_ENV === 'development' || ALLOWED_ORIGINS === '*') allowedOrigins = '*';
else if (ALLOWED_ORIGINS && typeof ALLOWED_ORIGINS === 'string') {