cowch/lst
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(app): cors fix to account for port or alpla.net

Browse Source
This commit is contained in:
Blake Matthes
2025-09-29 12:44:14 -05:00
parent 49a0eca117
commit 99e70fcafb
1 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
app/main.ts
View File

@@ -81,24 +81,38 @@ const main = async () => {
app.use(express.json());
const allowedOrigins = [
"http://localhost:5173", // lstV2 dev
"http://localhost:5500", // lst dev
"http://localhost:4200", // express
"http://localhost:4000", // prod port
/^https?:\/\/localhost:(5173|5500|4200|3000|4000)$/, // all the allowed backend ports
/^https?:\/\/.*\.alpla\.net$/,
env.BETTER_AUTH_URL, // prod
];
app.use(
cors({
origin: (origin, callback) => {
// allow requests with no origin (like curl, service workers, PWAs)
if (!origin) return callback(null, true);
//console.log("CORS request from origin:", origin);
if (allowedOrigins.includes(origin)) {
return callback(null, true);
} else {
return callback(new Error("Not allowed by CORS"));
if (!origin) return callback(null, true); // allow same-site or direct calls
try {
const hostname = new URL(origin).hostname; // strips protocol/port
//console.log("Parsed hostname:", hostname);
if (allowedOrigins.includes(origin)) {
return callback(null, true);
}
// Now this works for *.alpla.net
if (
hostname.endsWith(".alpla.net") ||
hostname === "alpla.net"
) {
return callback(null, true);
}
} catch (err) {
//console.error("Invalid Origin header:", origin);
}
return callback(new Error("Not allowed by CORS: " + origin));
},
methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
credentials: true,