fix: handle cases where corsAllowedOrigins is a string or an array

center-for-threat-informed-defense · Dec 30, 2024 · fea9a62 · fea9a62
1 parent 5806f6c
commit fea9a62
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/app/config/config.js b/app/config/config.js
@@ -96,7 +96,10 @@ function validateDomains(value) {
         return; // '*' allows all origins; 'disable' explicitly disables CORS.
     }
 
-    const origins = value.split(',').map(origin => origin.trim());
+    // Normalize value to an array of origins
+    const origins = Array.isArray(value)
+        ? value
+        : value.split(',').map(origin => origin.trim());
 
     // Regex to validate FQDNs
     const fqdnRegex = /^(?!:\/\/)([a-zA-Z0-9-_]+\.)+[a-zA-Z]{2,}$/;
@@ -111,7 +114,12 @@ function validateDomains(value) {
 convict.addFormat({
     name: 'domains',
     validate: validateDomains,
-    coerce: value => value.split(',').map(origin => origin.trim()), // Normalize the input
+    coerce: value => {
+        if (Array.isArray(value)) {
+            return value.map(origin => origin.trim());
+        }
+        return value.split(',').map(origin => origin.trim()); // Normalize strings to arrays
+    },
 });
 
 function loadConfig() {