From 36ab5800a34b79288935b6852265097347bb91b9 Mon Sep 17 00:00:00 2001
From: Johannes Zellner
Date: Thu, 11 Apr 2024 15:51:20 +0200
Subject: [PATCH] oidc: enable CORS for internal apps
---
 src/oidc.js | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/oidc.js b/src/oidc.js
index 2d3cd1911..c757df75a 100644
--- a/src/oidc.js
+++ b/src/oidc.js
@@ -801,6 +801,12 @@ async function start() {
 return false;
 }
 },
+ clientBasedCORS(ctx, origin, client) {
+ // allow CORS for clients where at least the origin matches where we redirect back to
+ if (client.redirectUris.find((u) => u.indexOf(origin) === 0)) return true;
+
+ return false;
+ },
 conformIdTokenClaims: false,
 // https://github.com/panva/node-oidc-provider/blob/main/recipes/skip_consent.md
 loadExistingGrant: async function (ctx) {
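Review bot: The check `u.indexOf(origin) === 0` in `clientBasedCORS` is a string-prefix match, so it allows any Origin that is merely a leading substring of a registered redirect URI, not only the URI's actual origin. With a constructed example, a client whose redirect URI is `https://app.example.community/callback` would also grant CORS to `https://app.example.com`, and a URI on `https://host:8443/` would match the origin `https://host:8`. Comparing parsed origins exactly closes this: `return client.redirectUris.some((u) => new URL(u).origin === origin);`. If custom-scheme redirect URIs can be registered, also reject `origin === 'null'` explicitly, since `new URL()` reports the origin of such URIs as the string `null`. The enclosing `start()` begins and ends outside this hunk, so how `origin` is normalised before it reaches this callback is not visible here.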