I am looking to enforce that requests come from the desired origin, process.env.URL, in my Netlify site. But currently I can both cURL the endpoint and make requests with Postman, and I get response data back with a statusCode 200. Am I missing something?
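/**
 * Netlify function handler for "like" records, keyed by the last path segment
 * of the request URL.
 *
 * - GET:     counts likes whose `postId` equals the id.
 * - POST:    creates a like with `postId` set to the id.
 * - DELETE:  deletes the like whose own `id` equals the id.
 * - OPTIONS: answers a CORS preflight with the CORS headers and no body.
 *
 * SECURITY: the Access-Control-* headers only tell a browser which origin may
 * read the response. Non-browser clients (curl, Postman, scripts) ignore them,
 * so they do not restrict who can call this function. Nothing in this handler
 * authenticates the caller; POST and DELETE change data for anyone who can
 * reach the endpoint. Restricting callers requires a server-side check of a
 * credential (session, token, signed request). Comparing the request's Origin
 * header is not sufficient on its own, because a non-browser client can send
 * any value it likes.
 *
 * @param {object} event - Request event; `rawUrl` and `httpMethod` are read.
 * @param {object} context - Unused.
 * @param {Function} callback - Receives the success response.
 * @returns {Promise<object|undefined>} A response object on the preflight,
 *   validation and error paths; undefined when the callback was used.
 */
exports.handler = async (event, context, callback) => {
  const corsHeaders = {
    "Access-Control-Allow-Origin": process.env.URL,
    "Access-Control-Allow-Headers":
      "Origin, X-Requested-With, Content-Type, Accept",
    "Access-Control-Allow-Methods": "*",
    "Content-Type": "application/json",
  };

  try {
    // A browser sends OPTIONS before a cross-origin DELETE; answer it
    // explicitly so that rejecting unknown methods below does not break it.
    if (event.httpMethod === "OPTIONS") {
      return { statusCode: 204, headers: corsHeaders };
    }

    // Always pass the radix, and reject a non-numeric id here instead of
    // handing NaN to the database layer and reporting it as a server error.
    const id = Number.parseInt(event.rawUrl.split("/").pop(), 10);
    if (Number.isNaN(id)) {
      return {
        statusCode: 400,
        headers: corsHeaders,
        body: JSON.stringify({ error: "Invalid id" }),
      };
    }

    let response;
    switch (event.httpMethod) {
      case "GET":
        response = await prisma.like.count({ where: { postId: id } });
        break;
      case "POST":
        response = await prisma.like.create({
          data: { postId: id },
        });
        break;
      case "DELETE":
        response = await prisma.like.delete({
          where: {
            id,
          },
        });
        break;
      default:
        // An unhandled method previously fell through to a 200 with no body.
        return {
          statusCode: 405,
          headers: { ...corsHeaders, Allow: "GET, POST, DELETE, OPTIONS" },
          body: JSON.stringify({ error: "Method not allowed" }),
        };
    }

    // The success path reports through the callback; the early-exit and error
    // paths return the response object directly.
    callback(null, {
      statusCode: 200,
      headers: corsHeaders,
      body: JSON.stringify(response),
    });
    return;
  } catch (e) {
    console.error(e);
    // Include the CORS headers so a browser client can read the failure status.
    return { statusCode: 500, headers: corsHeaders };
  }
};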
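CORS is a browser feature, i.e., the browser obeys the settings. curl doesn't care about CORS and ignores it. The Access-Control-Allow-Origin header only tells a browser which origin may read the response; to restrict who can call the function, the function itself has to authenticate requests on the server side.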