feat: rename to ALLOWED_PUBLIC_URL

2024-12-03 21:14:38 +05:30
parent 45c3419653
commit 52d9869b84
1 changed files with 9 additions and 3 deletions
--- a/server/src/server.ts
+++ b/server/src/server.ts
@@ -19,12 +19,18 @@ import { capture } from "./utils/analytics";
 import swaggerUi from 'swagger-ui-express';
 import swaggerSpec from './swagger/config';
 const isProduction = process.env.NODE_ENV === 'production';
-const allowedOrigin = isProduction ? process.env.ALLOWED_ORIGIN : '*';
+const allowedOrigin = isProduction ? process.env.ALLOWED_PUBLIC_URL : '*';

 const app = express();
 app.use(cors({
-  origin: 'http://localhost:5173',
-  credentials: true,
+  origin: (origin, callback) => {
+    if (!isProduction || origin === allowedOrigin || allowedOrigin === '*') {
+      callback(null, true); // Allow all in development or match production origin
+    } else {
+      callback(new Error('Not allowed by CORS')); // Block unexpected origins in production
+    }
+  },
+  credentials: true, // Include credentials if needed
 }));
 app.use(express.json());