From 52d9869b84bfde48cc2f62d31036249e11f53fd0 Mon Sep 17 00:00:00 2001
From: amhsirak <karishmashuklaa@gmail.com>
Date: Tue, 3 Dec 2024 21:14:38 +0530
Subject: [PATCH] feat: rename to ALLOWED_PUBLIC_URL

---
 server/src/server.ts | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/server/src/server.ts b/server/src/server.ts
index 26263f3a..e69a9b1f 100644
--- a/server/src/server.ts
+++ b/server/src/server.ts
@@ -19,12 +19,18 @@ import { capture } from "./utils/analytics";
 import swaggerUi from 'swagger-ui-express';
 import swaggerSpec from './swagger/config';
 const isProduction = process.env.NODE_ENV === 'production';
-const allowedOrigin = isProduction ? process.env.ALLOWED_ORIGIN : '*';
+const allowedOrigin = isProduction ? process.env.ALLOWED_PUBLIC_URL : '*';
 
 const app = express();
 app.use(cors({
-  origin: 'http://localhost:5173',
-  credentials: true,
+  origin: (origin, callback) => {
+    if (!isProduction || origin === allowedOrigin || allowedOrigin === '*') {
+      callback(null, true); // Allow all in development or match production origin
+    } else {
+      callback(new Error('Not allowed by CORS')); // Block unexpected origins in production
+    }
+  },
+  credentials: true, // Include credentials if needed
 }));
 app.use(express.json());