fix(app): cors fix to account for port or alpla.net

2025-09-29 12:44:14 -05:00
parent 49a0eca117
commit 99e70fcafb


@@ -81,24 +81,38 @@ const main = async () => {
app.use(express.json()); app.use(express.json());
const allowedOrigins = [ const allowedOrigins = [
"http://localhost:5173", // lstV2 dev /^https?:\/\/localhost:(5173|5500|4200|3000|4000)$/, // all the allowed backend ports
"http://localhost:5500", // lst dev /^https?:\/\/.*\.alpla\.net$/,
"http://localhost:4200", // express
"http://localhost:4000", // prod port
env.BETTER_AUTH_URL, // prod env.BETTER_AUTH_URL, // prod
]; ];
app.use( app.use(
cors({ cors({
origin: (origin, callback) => { origin: (origin, callback) => {
// allow requests with no origin (like curl, service workers, PWAs) //console.log("CORS request from origin:", origin);
if (!origin) return callback(null, true);
if (allowedOrigins.includes(origin)) { if (!origin) return callback(null, true); // allow same-site or direct calls
return callback(null, true);
} else { try {
return callback(new Error("Not allowed by CORS")); const hostname = new URL(origin).hostname; // strips protocol/port
//console.log("Parsed hostname:", hostname);
if (allowedOrigins.includes(origin)) {
return callback(null, true);
}
// Now this works for *.alpla.net
if (
hostname.endsWith(".alpla.net") ||
hostname === "alpla.net"
) {
return callback(null, true);
}
} catch (err) {
//console.error("Invalid Origin header:", origin);
} }
return callback(new Error("Not allowed by CORS: " + origin));
}, },
methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"], methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
credentials: true, credentials: true,
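Review bot: The two regex entries added to `allowedOrigins` can never match, because the callback still tests `allowedOrigins.includes(origin)`, which compares the origin string against RegExp objects by identity; as written, the localhost dev ports that used to be plain strings no longer pass that branch and only `env.BETTER_AUTH_URL` can. Matching each entry by its type would make the list do what its comments say: `if (allowedOrigins.some((o) => (o instanceof RegExp ? o.test(origin) : o === origin))) return callback(null, true);`. With `credentials: true` set, the `hostname.endsWith(".alpla.net")` fallback then accepts every subdomain over plain http and on any port for credentialed requests, so I would drop it in favour of the anchored regex, or at least also require `new URL(origin).protocol === "https:"`. The empty `catch` hides malformed Origin headers, and the rejection message echoes the raw origin; a comment such as `// malformed Origin header: fall through to the rejection below` and a fixed message would cover both. The body of `main` starts and ends outside this hunk.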