Skip to content

Commit 08d2359

Browse files
committed
fix(server) use public cors
1 parent c3bb676 commit 08d2359

1 file changed

Lines changed: 17 additions & 16 deletions

File tree

packages/server/index.ts

Lines changed: 17 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -54,12 +54,12 @@ const allowHeaders = ["Content-Type", "Authorization", "x-project-id", "Access-C
5454

5555
// CORS must be first so OPTIONS preflights are answered before any other
5656
// middleware (rate limiter, CSRF, auth) can return a response without headers.
57-
// const publicCors = cors({
58-
// origin: "*",
59-
// credentials: true,
60-
// allowMethods,
61-
// allowHeaders,
62-
// });
57+
const publicCors = cors({
58+
origin: "*",
59+
credentials: false,
60+
allowMethods,
61+
allowHeaders,
62+
});
6363

6464
// const privateCors = cors({
6565
// origin: ["https://developers-italia.vercel.app", ...whitelist],
@@ -68,9 +68,10 @@ const allowHeaders = ["Content-Type", "Authorization", "x-project-id", "Access-C
6868
// allowHeaders,
6969
// });
7070

71-
if (!process.env.CORS_AT_INGRESS) {
72-
app.use("*", cors());
73-
}
71+
// if (!process.env.CORS_AT_INGRESS) {
72+
app.use("*", publicCors);
73+
// }
74+
7475
// if (!isDev) {
7576
// app.use(`/charts/*`, publicCors);
7677
// app.use(`/dashboards/*`, publicCors);
@@ -114,13 +115,13 @@ app.use("/auth/*", rateLimiter({
114115

115116

116117
// // CSRF protection
117-
// app.use(
118-
// csrf({
119-
// origin: isDev
120-
// ? ["http://localhost:3000", "http://localhost:3003", ...whitelist]
121-
// : process.env.HOST,
122-
// }),
123-
// );
118+
app.use(
119+
csrf({
120+
origin: isDev
121+
? ["http://localhost:3000", "http://localhost:3003", ...whitelist]
122+
: process.env.HOST,
123+
}),
124+
);
124125

125126
// ═══════════════════════════════════════════════════════════════════════════════
126127
// 🛣️ ROUTES

0 commit comments

Comments
 (0)