Merge pull request #1398 from andrewn/chore/allow-cors-localhost

Always allow localhost CORS requests
2020-05-26 15:10:02 -04:00 · 2020-05-26 15:10:02 -04:00 · aff3a2df7f
parent 67f9824642 0b5180d26c
commit aff3a2df7f
2 changed files with 8 additions and 4 deletions
--- a/.env.example
+++ b/.env.example
@ -2,6 +2,7 @@ API_URL=/editor
 AWS_ACCESS_KEY=<your-aws-access-key>
 AWS_REGION=<your-aws-region>
 AWS_SECRET_KEY=<your-aws-secret-key>
+CORS_ALLOW_LOCALHOST=true
 EMAIL_SENDER=<transactional-email-sender>
 EMAIL_VERIFY_SECRET_TOKEN=whatever_you_want_this_to_be_it_only_matters_for_production
 EXAMPLE_USER_EMAIL=examples@p5js.org
--- a/server/server.js
+++ b/server/server.js
@ -46,17 +46,20 @@ if (process.env.BASIC_USERNAME && process.env.BASIC_PASSWORD) {
  }));
 }

-const corsOriginsWhitelist = [
+const allowedCorsOrigins = [
  /p5js\.org$/,
 ];

+// to allow client-only development
+if (process.env.CORS_ALLOW_LOCALHOST === 'true') {
+  allowedCorsOrigins.push(/localhost/);
+}
+
 // Run Webpack dev server in development mode
 if (process.env.NODE_ENV === 'development') {
  const compiler = webpack(config);
  app.use(webpackDevMiddleware(compiler, { noInfo: true, publicPath: config.output.publicPath }));
  app.use(webpackHotMiddleware(compiler));
-
-  corsOriginsWhitelist.push(/localhost/);
 }

 const mongoConnectionString = process.env.MONGO_URL;
@ -65,7 +68,7 @@ app.set('trust proxy', true);
 // Enable Cross-Origin Resource Sharing (CORS) for all origins
 const corsMiddleware = cors({
  credentials: true,
-  origin: corsOriginsWhitelist,
+  origin: allowedCorsOrigins,
 });
 app.use(corsMiddleware);
 // Enable pre-flight OPTIONS route for all end-points