From c29e1905bf4a578a42e1dd6fd86b89f3d0621c7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Losada=20Hern=C3=A1ndez?= Date: Tue, 10 Dec 2024 19:24:23 +0100 Subject: [PATCH] add localhost to allowed origins only if in local, also remake regex --- server/app.js | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/server/app.js b/server/app.js index de44f0609..4c6c9ba1f 100644 --- a/server/app.js +++ b/server/app.js @@ -57,17 +57,24 @@ app.use(forceSSL); import cors from 'cors'; -// CORS Configuration +const nodeEnv = config.get('node_env'); +const isLocalEnvironment = config.get('local_environments').includes(nodeEnv); + const corsOptions = { origin: (origin, callback) => { + const allowedOrigins = [ 'https://homebrewery.naturalcrit.com', - 'http://localhost:8000', - 'http://localhost:8010', - 'https://naturalcrit.com' + 'https://naturalcrit.com', + 'https://naturalcrit-stage.herokuapp.com', + 'https://homebrewery-stage.herokuapp.com', ]; - const herokuRegex = /^https:\/\/.*\.herokuapp\.com$/; // Matches any Heroku app + if (isLocalEnvironment) { + allowedOrigins.push('http://localhost:8000', 'http://localhost:8010'); + } + + const herokuRegex = /^https:\/\/(?:homebrewery-pr-\d+\.herokuapp\.com|naturalcrit-pr-\d+\.herokuapp\.com)$/; // Matches any Heroku app if (!origin || allowedOrigins.includes(origin) || herokuRegex.test(origin)) { callback(null, true); @@ -80,7 +87,6 @@ const corsOptions = { credentials: true, }; - app.use(cors(corsOptions)); //Account Middleware @@ -505,8 +511,6 @@ app.get('/account', asyncHandler(async (req, res, next)=>{ return next(); })); -const nodeEnv = config.get('node_env'); -const isLocalEnvironment = config.get('local_environments').includes(nodeEnv); // Local only if(isLocalEnvironment){ // Login