Skip to content

Commit 05d1dda

Browse files
mikebarkminmikebarkmin
committed
use base url for cors
1 parent 274788e commit 05d1dda

2 files changed

Lines changed: 5 additions & 1 deletion

File tree

platforms/cloud/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ cp .env.example .env
4545
| `SMTP_USER` | SMTP username ||
4646
| `SMTP_PASS` | SMTP password ||
4747
| `SMTP_FROM` | Sender email address | `noreply@example.com` |
48-
| `BASE_URL` | Public URL (used in password reset links) | auto-detected |
48+
| `BASE_URL` | Public URL (used in password reset links and for CORS) | required |
4949

5050
## Users & Permissions
5151

platforms/cloud/app.js

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,13 +15,17 @@ var app = express();
1515

1616
var PORT = process.env.PORT || 3001;
1717

18+
var corsOrigins = [process.env.BASE_URL];
19+
1820
app.use(cors({
1921
origin: async function(origin, callback) {
2022
if (!origin) return callback(null, true);
2123

2224
var selfOrigin = 'http://localhost:' + PORT;
2325
if (origin === selfOrigin) return callback(null, true);
2426

27+
if (corsOrigins.includes(origin)) return callback(null, true);
28+
2529
try {
2630
var hyperbooks = await db.allAsync(
2731
'SELECT url FROM hyperbooks WHERE url IS NOT NULL'

0 commit comments

Comments
 (0)