diff --git a/.env.example b/.env.example
index 5e696e25..3a070317 100644
--- a/.env.example
+++ b/.env.example
@@ -2,6 +2,7 @@ API_URL=/editor
 AWS_ACCESS_KEY=
 AWS_REGION=
 AWS_SECRET_KEY=
+CORS_ALLOW_LOCALHOST=true
 EMAIL_SENDER=
 EMAIL_VERIFY_SECRET_TOKEN=whatever_you_want_this_to_be_it_only_matters_for_production
 EXAMPLE_USER_EMAIL=examples@p5js.org
diff --git a/server/server.js b/server/server.js
index 1ced332f..892ff85f 100644
--- a/server/server.js
+++ b/server/server.js
@@ -46,17 +46,20 @@ if (process.env.BASIC_USERNAME && process.env.BASIC_PASSWORD) {
 }));
 }
-const corsOriginsWhitelist = [
+const allowedCorsOrigins = [
 /p5js\.org$/,
 ];
+// to allow client-only development
+if (process.env.CORS_ALLOW_LOCALHOST === 'true') {
+ allowedCorsOrigins.push(/localhost/);
+}
+
 // Run Webpack dev server in development mode
 if (process.env.NODE_ENV === 'development') {
 const compiler = webpack(config);
 app.use(webpackDevMiddleware(compiler, { noInfo: true, publicPath: config.output.publicPath }));
 app.use(webpackHotMiddleware(compiler));
-
- corsOriginsWhitelist.push(/localhost/);
 }
 const mongoConnectionString = process.env.MONGO_URL;
@@ -65,7 +68,7 @@ app.set('trust proxy', true);
 // Enable Cross-Origin Resource Sharing (CORS) for all origins
 const corsMiddleware = cors({
 credentials: true,
- origin: corsOriginsWhitelist,
+ origin: allowedCorsOrigins,
 });
 app.use(corsMiddleware);
 // Enable pre-flight OPTIONS route for all end-points
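Review bot: In `.env.example`, the added `CORS_ALLOW_LOCALHOST=true` becomes the starting value for anyone who copies the example file. The `server/server.js` change in this same commit no longer gates the localhost origin on `NODE_ENV === 'development'`. A deployment built from the example would therefore keep localhost in the credentialed CORS allow-list unless someone remembers to change it. I would ship `CORS_ALLOW_LOCALHOST=false` here and, if the loader in use accepts comment lines, add `# set to true only for local client-only development` above it.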
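Review bot: In the first `server/server.js` hunk, `allowedCorsOrigins.push(/localhost/)` is an unanchored pattern, and the middleware further down is configured with `credentials: true`. Assuming the patterns are tested against the full Origin value, it matches any origin that merely contains the string, such as a host named `localhost.example.com`. Before this change the entry was only added under `NODE_ENV === 'development'`; now a single environment flag enables it in any environment, so the pattern should be exact: `allowedCorsOrigins.push(/^https?:\/\/localhost(:\d+)?$/);`. The existing `/p5js\.org$/` entry is similarly open on its left edge (any domain ending in `p5js.org` would match); it predates this commit but is worth tightening alongside.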