verifyRequestOrigin()
Verifies the request originates from a trusted origin by comparing the Origin
header and host (e.g. Host
header).
Definition
function verifyRequestOrigin(origin: string, allowedDomains: string[]): boolean;
Parameters
origin
:Origin
headerallowedDomains
: Allowed request origins, full URL or URL host
Example
import { verifyRequestOrigin } from "lucia";
// true
verifyRequestOrigin("https://example.com", ["example.com"]);
verifyRequestOrigin("https://example.com", ["https://example.com"]);
// false
verifyRequestOrigin("https://foo.example.com", ["example.com"]);
verifyRequestOrigin("https://example.com", ["foo.example.com"]);