check-gateway-cors.mjs
1 #!/usr/bin/env node
2 /**
3 * OPTIONS preflight probe against the hosted gateway (no JWT).
4 * Confirms Access-Control-Allow-Origin is not * together with Allow-Credentials: true.
5 *
6 * KNOWTATION_HUB_API=https://knowtation-gateway.netlify.app node scripts/check-gateway-cors.mjs
7 */
8
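/**
 * Drop every trailing slash so that `${apiBase}/api/...` never contains `//`.
 * @param {string} value - base URL as configured
 * @returns {string} the base URL without trailing slashes
 */
function stripTrailingSlashes(value) {
  return value.replace(/\/+$/, '');
}

/**
 * Split a comma-separated origin list, trimming entries and dropping empty ones.
 * @param {string} csv - e.g. "https://a.example, https://b.example"
 * @returns {string[]} the non-empty, trimmed entries in their original order
 */
function parseOriginList(csv) {
  return csv
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean);
}

// `||` (not `??`) is deliberate: an environment variable set to the empty
// string falls back to the default, exactly as an unset one does.
const apiBase = stripTrailingSlashes(
  process.env.KNOWTATION_HUB_API || 'https://knowtation-gateway.netlify.app',
);

// Origins sent in the `Origin` header of each preflight, one probe per entry.
const origins = parseOriginList(
  process.env.KNOWTATION_CORS_TEST_ORIGINS ||
    'https://knowtation.store,https://www.knowtation.store',
);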
15
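/**
 * Send one unauthenticated CORS preflight (OPTIONS, requesting GET) to
 * `${apiBase}/api/v1/health` with the given Origin and report what came back.
 *
 * @param {string} origin - value sent in the `Origin` request header
 * @returns {Promise<{status: number, allowOrigin: string|null, allowCredentials: string|null}>}
 *   HTTP status plus the raw `Access-Control-Allow-Origin` and
 *   `Access-Control-Allow-Credentials` values (`null` when a header is absent)
 * @throws whatever `fetch` rejects with, including the timeout abort
 */
async function probe(origin) {
  // Bound the wait so an unresponsive gateway is reported as an error by the
  // caller instead of stalling the whole run.
  const timeoutMs = 10_000;
  const url = `${apiBase}/api/v1/health`;
  const res = await fetch(url, {
    method: 'OPTIONS',
    headers: {
      Origin: origin,
      'Access-Control-Request-Method': 'GET',
    },
    signal: AbortSignal.timeout(timeoutMs),
  });
  return {
    status: res.status,
    allowOrigin: res.headers.get('access-control-allow-origin'),
    allowCredentials: res.headers.get('access-control-allow-credentials'),
  };
}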
29
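/**
 * Probe every configured origin in turn and print one result line per origin.
 *
 * A line is flagged when the response carries `Access-Control-Allow-Origin: *`
 * together with `Access-Control-Allow-Credentials: true`, a pair browsers
 * reject for credentialed requests. A flagged response or a failed probe sets
 * a non-zero exit code, so the script can gate a deploy or CI step instead of
 * always reporting success.
 *
 * Scope of the check: `ok` only means the wildcard-plus-credentials pair was
 * not seen. It does not verify that Allow-Origin equals the probed origin, and
 * probing only origins that are meant to be allowed cannot show how the
 * gateway answers an origin that is not on its allow list.
 *
 * @returns {Promise<void>}
 */
async function main() {
  console.log('Gateway:', apiBase);
  for (const origin of origins) {
    try {
      const r = await probe(origin);
      const bad = r.allowOrigin === '*' && r.allowCredentials === 'true';
      if (bad) {
        process.exitCode = 1;
      }
      console.log(
        origin,
        '→',
        r.status,
        'Allow-Origin:',
        r.allowOrigin || '(missing)',
        'Allow-Credentials:',
        r.allowCredentials || '(missing)',
        bad ? '❌ INVALID (* + credentials)' : 'ok',
      );
    } catch (e) {
      // A probe that could not complete is not a pass: keep going with the
      // remaining origins, but make the run exit non-zero.
      process.exitCode = 1;
      // Node's fetch reports most network failures as "fetch failed" and puts
      // the actual reason on `cause`, so print both when available.
      const reason = e?.cause?.message;
      const detail = reason ? `${e.message} (${reason})` : (e?.message ?? String(e));
      console.log(origin, '→ ERROR', detail);
    }
  }
  console.log('\nProduction: set Netlify HUB_CORS_ORIGIN to both apex and www (see hub/gateway/cors-middleware.mjs).');
}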
52
/**
 * Last-resort handler: anything main() did not deal with itself is printed
 * to stderr and ends the process with exit status 1.
 * @param {unknown} failure - the rejection reason from main()
 */
function exitOnFailure(failure) {
  console.error(failure);
  process.exit(1);
}

main().catch(exitOnFailure);