diff --git a/package.json b/package.json index 9b44fe8..86c52b2 100644 --- a/package.json +++ b/package.json @@ -62,13 +62,11 @@ "report:provider-cli-e2e": "node --experimental-strip-types tests/integration/report-provider-cli-e2e.ts" }, "dependencies": { - "cors": "^2.8.5", "dotenv": "^16.4.5", "express": "^4.21.0" }, "devDependencies": { "@vitest/coverage-v8": "^3.2.4", - "@types/cors": "^2.8.17", "@types/express": "^4.17.21", "@types/node": "^22.0.0", "tsx": "^4.19.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 080b9a5..1218486 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -8,9 +8,6 @@ importers: .: dependencies: - cors: - specifier: ^2.8.5 - version: 2.8.6 dotenv: specifier: ^16.4.5 version: 16.6.1 @@ -18,9 +15,6 @@ importers: specifier: ^4.21.0 version: 4.22.1 devDependencies: - '@types/cors': - specifier: ^2.8.17 - version: 2.8.19 '@types/express': specifier: ^4.17.21 version: 4.17.25 @@ -395,9 +389,6 @@ packages: '@types/connect@3.4.38': resolution: {integrity: sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==} - '@types/cors@2.8.19': - resolution: {integrity: sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==} - '@types/deep-eql@4.0.2': resolution: {integrity: sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==} @@ -566,10 +557,6 @@ packages: resolution: {integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==} engines: {node: '>= 0.6'} - cors@2.8.6: - resolution: {integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==} - engines: {node: '>= 0.10'} - cross-spawn@7.0.6: resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==} engines: {node: '>= 8'} @@ -851,10 +838,6 @@ packages: resolution: {integrity: sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==} engines: {node: '>= 0.6'} - object-assign@4.1.1: - resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==} - engines: {node: '>=0.10.0'} - object-inspect@1.13.4: resolution: {integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==} engines: {node: '>= 0.4'} @@ -1380,10 +1363,6 @@ snapshots: dependencies: '@types/node': 22.19.17 - '@types/cors@2.8.19': - dependencies: - '@types/node': 22.19.17 - '@types/deep-eql@4.0.2': {} '@types/estree@1.0.8': {} @@ -1584,11 +1563,6 @@ snapshots: cookie@0.7.2: {} - cors@2.8.6: - dependencies: - object-assign: 4.1.1 - vary: 1.1.2 - cross-spawn@7.0.6: dependencies: path-key: 3.1.1 @@ -1888,8 +1862,6 @@ snapshots: negotiator@0.6.3: {} - object-assign@4.1.1: {} - object-inspect@1.13.4: {} on-finished@2.4.1: diff --git a/src/proxy.ts b/src/proxy.ts index 63c1a80..207ca17 100644 --- a/src/proxy.ts +++ b/src/proxy.ts @@ -11,7 +11,6 @@ */ import "dotenv/config"; -import cors from "cors"; import express from "express"; import { realpathSync } from "node:fs"; import { Readable } from "node:stream"; @@ -401,7 +400,6 @@ export function createApp(): express.Express { const app = express(); - app.use(cors()); app.use(express.json({ limit: "50mb" })); app.get("/", (_req, res) => { diff --git a/tests/integration/proxy-local.test.ts b/tests/integration/proxy-local.test.ts index 938ac87..069a2e3 100644 --- a/tests/integration/proxy-local.test.ts +++ b/tests/integration/proxy-local.test.ts @@ -492,6 +492,15 @@ describe.sequential("proxy local integration", () => { }); }); + it("does not enable CORS for browser origins by default", async () => { + const response = await fetch(`${harness.proxyBaseUrl}/health`, { + headers: { origin: "https://example.com" }, + }); + + expect(response.status).toBe(200); + expect(response.headers.get("access-control-allow-origin")).toBeNull(); + }); + it.each([ { provider: undefined, label: "missing" }, { provider: "not-a-provider", label: "invalid" },