add localhost to allowed origins only if in local, also remake regex

2026-01-09 13:42:38 +00:00 · 2024-12-10 19:24:23 +01:00
parent 81f56ec91d
commit c29e1905bf
1 changed files with 12 additions and 8 deletions
--- a/server/app.js
+++ b/server/app.js
@@ -57,17 +57,24 @@ app.use(forceSSL);
 import cors from 'cors';
-// CORS Configuration
+const nodeEnv = config.get('node_env');
 const isLocalEnvironment = config.get('local_environments').includes(nodeEnv);
 const corsOptions = {
    origin: (origin, callback) => {
        const allowedOrigins = [
            'https://homebrewery.naturalcrit.com',
-            'http://localhost:8000',
+            'https://naturalcrit.com',
-            'http://localhost:8010',
+            'https://naturalcrit-stage.herokuapp.com',
-            'https://naturalcrit.com'
+            'https://homebrewery-stage.herokuapp.com',
        ];
-        const herokuRegex = /^https:\/\/.*\.herokuapp\.com$/; // Matches any Heroku app
+        if (isLocalEnvironment) {
            allowedOrigins.push('http://localhost:8000', 'http://localhost:8010');
        }
        const herokuRegex = /^https:\/\/(?:homebrewery-pr-\d+\.herokuapp\.com|naturalcrit-pr-\d+\.herokuapp\.com)$/; // Matches any Heroku app
        if (!origin || allowedOrigins.includes(origin) || herokuRegex.test(origin)) {
            callback(null, true);
@@ -80,7 +87,6 @@ const corsOptions = {
    credentials: true,
 };
 app.use(cors(corsOptions));
 //Account Middleware
@@ -505,8 +511,6 @@ app.get('/account', asyncHandler(async (req, res, next)=>{
 	return next();
 }));
 const nodeEnv = config.get('node_env');
 const isLocalEnvironment = config.get('local_environments').includes(nodeEnv);
 // Local only
 if(isLocalEnvironment){
 	// Login