checkRequest method
Server request verification function, that checks for allowed origins
@param {http.IncomingMessage} request
@param {Function} callback to be called with the result: fn(err, success)
Implementation
void checkRequest(HttpRequest req, [Function? fn]) {
var origin = req.headers.value('origin') ?? req.headers.value('referer');
// file:// URLs produce a null Origin which can't be authorized via echo-back
if (origin == null || origin.isEmpty) {
origin = '*';
}
if (origin.isNotEmpty && _origins is Function) {
return _origins(origin, fn);
}
if (_origins.contains('*:*')) {
return fn!(null, true);
}
if (origin.isNotEmpty) {
try {
var parts = Uri.parse(origin);
var port = parts.port;
var ok = _origins.indexOf(parts.host + ':' + port.toString()) >= 0 ||
_origins.indexOf(parts.host + ':*') >= 0 ||
_origins.indexOf('*:' + port.toString()) >= 0;
return fn!(null, ok);
} catch (ex) {
print(ex);
}
}
fn!(null, false);
}