createOriginCheckMiddleware() — astro Function Reference
Architecture documentation for the createOriginCheckMiddleware() function in middlewares.ts from the astro codebase.
Dependency Diagram
```mermaid
graph TD
  e5391f23_964b_7d27_a09a_19fb686f5ff3["createOriginCheckMiddleware()"]
  2708f5c4_261d_e0b9_a0f9_f2b98541fcf7["middlewares.ts"]
  e5391f23_964b_7d27_a09a_19fb686f5ff3 -->|defined in| 2708f5c4_261d_e0b9_a0f9_f2b98541fcf7
  64ceb8a0_2007_575b_ef04_927e3ea9611f["hasFormLikeHeader()"]
  e5391f23_964b_7d27_a09a_19fb686f5ff3 -->|calls| 64ceb8a0_2007_575b_ef04_927e3ea9611f
  style e5391f23_964b_7d27_a09a_19fb686f5ff3 fill:#6366f1,stroke:#818cf8,color:#fff
```
Source Code
packages/astro/src/core/app/middlewares.ts lines 24–55
```ts
export function createOriginCheckMiddleware(): MiddlewareHandler {
  return defineMiddleware((context, next) => {
    const { request, url, isPrerendered } = context;
    // Prerendered pages should be excluded
    if (isPrerendered) {
      return next();
    }
    // Safe methods don't require origin check
    if (SAFE_METHODS.includes(request.method)) {
      return next();
    }
    const isSameOrigin = request.headers.get('origin') === url.origin;
    const hasContentType = request.headers.has('content-type');
    if (hasContentType) {
      const formLikeHeader = hasFormLikeHeader(request.headers.get('content-type'));
      if (formLikeHeader && !isSameOrigin) {
        return new Response(`Cross-site ${request.method} form submissions are forbidden`, {
          status: 403,
        });
      }
    } else {
      if (!isSameOrigin) {
        return new Response(`Cross-site ${request.method} form submissions are forbidden`, {
          status: 403,
        });
      }
    }
    return next();
  });
}
```
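The branch order of the middleware above, run over a small request matrix to show which requests it rejects and which it passes on. This is an added example, not code from the astro codebase: `originCheck`, `runCases`, the `SAFE_METHODS` and `FORM_TYPES` values, the stand-in `hasFormLikeHeader()` body and the sample origins are assumptions, since the page references those names without showing their definitions.

```javascript
// Added illustration, not Astro's code. SAFE_METHODS and FORM_TYPES are
// assumptions: the page references them but does not show their definitions.
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];
const FORM_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

// Assumed stand-in for hasFormLikeHeader(): compare the media type only,
// ignoring parameters such as "; charset=utf-8" and letter case.
function hasFormLikeHeader(contentType) {
  if (!contentType) return false;
  const mediaType = contentType.split(';')[0].trim().toLowerCase();
  return FORM_TYPES.includes(mediaType);
}

// Same branch order as the middleware on the page. `headers` is a plain
// object with lower-case header names; `allowed: true` stands for next().
function originCheck({ method, headers = {}, siteOrigin, isPrerendered = false }) {
  if (isPrerendered) return { allowed: true, reason: 'prerendered page' };
  if (SAFE_METHODS.includes(method)) return { allowed: true, reason: 'safe method' };
  const isSameOrigin = headers['origin'] === siteOrigin;
  if ('content-type' in headers) {
    if (hasFormLikeHeader(headers['content-type']) && !isSameOrigin) {
      return { allowed: false, reason: 'form-like body, origin mismatch (403)' };
    }
    return { allowed: true, reason: isSameOrigin ? 'same origin' : 'non-form content type' };
  }
  return isSameOrigin
    ? { allowed: true, reason: 'same origin' }
    : { allowed: false, reason: 'no content type, origin mismatch (403)' };
}

// Constructed requests against a constructed site origin.
const SITE = 'https://shop.example';
const CASES = [
  { name: 'same-origin form POST', method: 'POST', headers: { origin: SITE, 'content-type': 'application/x-www-form-urlencoded' } },
  { name: 'cross-site form POST', method: 'POST', headers: { origin: 'https://other.example', 'content-type': 'multipart/form-data; boundary=x' } },
  { name: 'form POST without Origin', method: 'POST', headers: { 'content-type': 'text/plain' } },
  { name: 'cross-site DELETE, no body', method: 'DELETE', headers: { origin: 'https://other.example' } },
  { name: 'cross-site JSON POST', method: 'POST', headers: { origin: 'https://other.example', 'content-type': 'application/json' } },
  { name: 'cross-site GET', method: 'GET', headers: { origin: 'https://other.example' } },
];

function runCases() {
  return CASES.map((c) => ({ name: c.name, ...originCheck({ ...c, siteOrigin: SITE }) }));
}

console.table(runCases());
```

The last two rows are passed through by this check: state-changing GET handlers and endpoints that accept non-form content types such as JSON need their own protection, for example CORS preflight enforcement or token checks.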
Frequently Asked Questions
What does createOriginCheckMiddleware() do?
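createOriginCheckMiddleware() is a function in the astro codebase, defined in packages/astro/src/core/app/middlewares.ts. It returns a middleware that skips prerendered pages and requests using a safe method, then responds with 403 when the request's Origin header does not equal url.origin and the Content-Type header is either form-like or absent. All other requests are passed to next().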
Where is createOriginCheckMiddleware() defined?
createOriginCheckMiddleware() is defined in packages/astro/src/core/app/middlewares.ts at line 24.
What does createOriginCheckMiddleware() call?
createOriginCheckMiddleware() calls one function: hasFormLikeHeader().