Skip to content

Commit d82da9d

Browse files
committed
chore: test cors from local and remote
1 parent 4eaaaaa commit d82da9d

1 file changed

Lines changed: 20 additions & 17 deletions

File tree

packages/server/index.ts

Lines changed: 20 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -25,12 +25,13 @@ import { Scalar } from "@scalar/hono-api-reference";
2525
const HOST = process.env.HOST || "http://localhost";
2626
const PORT = process.env.PORT || 3003;
2727
const whitelist = process.env.DOMAINS?.split(",") || [
28-
"localhost",
2928
HOST,
3029
`${HOST}:${PORT}`,
3130
"http://localhost:3002",
3231
"http://localhost:3000",
3332
"http://127.0.0.1:3000",
33+
"http://127.0.0.1:4321",
34+
"http://localhost:4321",
3435
];
3536
const ROUTES_PREFIX = process.env.ROUTES_PREFIX || "";
3637
const isDev = process.env.NODE_ENV === "development";
@@ -53,25 +54,27 @@ const app = ROUTES_PREFIX
5354
// middleware (rate limiter, CSRF, auth) can return a response without headers.
5455
const publicCors = cors({
5556
origin: "*",
56-
allowMethods: ["GET", "OPTIONS"],
57+
allowMethods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
5758
allowHeaders: ["Content-Type", "Authorization", "x-project-id"],
5859
});
5960

60-
if (!isDev) {
61-
app.use(`/charts/*`, publicCors);
62-
app.use(`/dashboards/*`, publicCors);
63-
} else {
64-
console.warn("cors is enabled for all routes in development mode. make sure to restrict this in production!");
65-
app.use(
66-
"/*",
67-
cors({
68-
origin: whitelist,
69-
credentials: true,
70-
allowMethods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
71-
allowHeaders: ["Content-Type", "Authorization", "x-project-id"],
72-
}),
73-
);
74-
}
61+
app.use("*", publicCors);
62+
63+
// if (!isDev) {
64+
// app.use(`/charts/*`, publicCors);
65+
// app.use(`/dashboards/*`, publicCors);
66+
// } else {
67+
// console.warn("cors is enabled for all routes in development mode. make sure to restrict this in production!");
68+
// app.use(
69+
// "/*",
70+
// cors({
71+
// origin: whitelist,
72+
// credentials: true,
73+
// allowMethods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
74+
// allowHeaders: ["Content-Type", "Authorization", "x-project-id"],
75+
// }),
76+
// );
77+
// }
7578

7679
// Prometheus metrics collection
7780
app.use("*", metricsMiddleware);

0 commit comments

Comments
 (0)