From 81f56ec91d864c73b41ed797869ac15f939d070d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor=20Losada=20Hern=C3=A1ndez?=
 <losada.hernandez.victor@gmail.com>
Date: Mon, 9 Dec 2024 18:59:48 +0100
Subject: [PATCH] add heroku apps to cors

---
 server/app.js | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/server/app.js b/server/app.js
index 46aabc088..de44f0609 100644
--- a/server/app.js
+++ b/server/app.js
@@ -59,18 +59,20 @@ import cors from 'cors';
 
 // CORS Configuration
 const corsOptions = {
-
     origin: (origin, callback) => {
         const allowedOrigins = [
-			'https://homebrewery.naturalcrit.com',
-			'http://localhost:8000',
-			'http://localhost:8010',
-			'https://naturalcrit.com'
-		]; //allow natcrit local and live to call
-        if (!origin || allowedOrigins.includes(origin)) {
+            'https://homebrewery.naturalcrit.com',
+            'http://localhost:8000',
+            'http://localhost:8010',
+            'https://naturalcrit.com'
+        ];
+
+        const herokuRegex = /^https:\/\/.*\.herokuapp\.com$/; // Matches any Heroku app
+
+        if (!origin || allowedOrigins.includes(origin) || herokuRegex.test(origin)) {
             callback(null, true);
         } else {
-			console.log(origin, 'not allowed');
+            console.log(origin, 'not allowed');
             callback(new Error('Not allowed by CORS, if you think this is an error, please contact us'));
         }
     },
@@ -78,6 +80,7 @@ const corsOptions = {
     credentials: true,
 };
 
+
 app.use(cors(corsOptions));
 
 //Account Middleware