From edc0e6ffb37bcbddfae1448ec28005efde76a0e4 Mon Sep 17 00:00:00 2001
From: Andrew Nicolaou
Date: Sun, 19 Apr 2020 13:39:00 +0200
Subject: [PATCH 1/2] Always allow localhost CORS requests
---
 server/server.js | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/server/server.js b/server/server.js
index 1ced332f..ab8805f2 100644
--- a/server/server.js
+++ b/server/server.js
@@ -46,8 +46,9 @@ if (process.env.BASIC_USERNAME && process.env.BASIC_PASSWORD) {
 }));
 }
 
-const corsOriginsWhitelist = [
+const allowedCorsOrigins = [
 /p5js\.org$/,
+ /localhost/ // to allow client-only development
 ];
 
 // Run Webpack dev server in development mode
@@ -55,8 +56,6 @@ if (process.env.NODE_ENV === 'development') {
 const compiler = webpack(config);
 app.use(webpackDevMiddleware(compiler, { noInfo: true, publicPath: config.output.publicPath }));
 app.use(webpackHotMiddleware(compiler));
-
- corsOriginsWhitelist.push(/localhost/);
 }
 
 const mongoConnectionString = process.env.MONGO_URL;
@@ -65,7 +64,7 @@ app.set('trust proxy', true);
 // Enable Cross-Origin Resource Sharing (CORS) for all origins
 const corsMiddleware = cors({
 credentials: true,
- origin: corsOriginsWhitelist,
+ origin: allowedCorsOrigins,
 });
 app.use(corsMiddleware);
 // Enable pre-flight OPTIONS route for all end-points
From 0b5180d26c17f1026f3aa64184496eb9879000cc Mon Sep 17 00:00:00 2001
From: Andrew Nicolaou
Date: Sun, 3 May 2020 13:20:14 +0200
Subject: [PATCH 2/2] Configure CORS localhost origin via CORS_ALLOW_LOCALHOST env var
---
 .env.example | 1 +
 server/server.js | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.env.example b/.env.example
index 5e696e25..3a070317 100644
--- a/.env.example
+++ b/.env.example
@@ -2,6 +2,7 @@ API_URL=/editor
 AWS_ACCESS_KEY=
 AWS_REGION=
 AWS_SECRET_KEY=
+CORS_ALLOW_LOCALHOST=true
 EMAIL_SENDER=
 EMAIL_VERIFY_SECRET_TOKEN=whatever_you_want_this_to_be_it_only_matters_for_production
 EXAMPLE_USER_EMAIL=examples@p5js.org
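Review bot: The new `/localhost/` entry in `allowedCorsOrigins` (first hunk of patch 1) is an unanchored pattern, so an Origin that merely contains the substring, such as a host named `localhost.example.net`, satisfies it, and the middleware built from this list further down sets `credentials: true`. Pin scheme, host and optional port instead: `/^https?:\/\/localhost(:\d+)?$/`. The same pattern is pushed again in patch 2's `server/server.js` hunk, so the fix applies there too. The neighbouring context entry `/p5js\.org$/` also lacks a start or dot anchor, which looks like the same class of problem and is worth tightening in the same change.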
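Review bot: `CORS_ALLOW_LOCALHOST=true` in `.env.example` makes the permissive value the one that gets copied, while the neighbouring secrets in this hunk ship empty or as placeholders. If any deployment is seeded from the example file, it would accept credentialed cross-origin requests from localhost origins without anyone having chosen that. I would ship `CORS_ALLOW_LOCALHOST=false` and put a comment above it such as `# set to true only on a local development machine`.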
diff --git a/server/server.js b/server/server.js
index ab8805f2..892ff85f 100644
--- a/server/server.js
+++ b/server/server.js
@@ -48,9 +48,13 @@ if (process.env.BASIC_USERNAME && process.env.BASIC_PASSWORD) {
 
 const allowedCorsOrigins = [
 /p5js\.org$/,
- /localhost/ // to allow client-only development
 ];
 
+// to allow client-only development
+if (process.env.CORS_ALLOW_LOCALHOST === 'true') {
+ allowedCorsOrigins.push(/localhost/);
+}
+
 // Run Webpack dev server in development mode
 if (process.env.NODE_ENV === 'development') {
 const compiler = webpack(config);
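Review bot: The comment `// to allow client-only development` above the new `if` does not say what the flag exposes or where it must stay off. Because this list feeds a CORS middleware configured with `credentials: true` (visible in patch 1), I would write `// Client-only development: lets pages served from localhost make credentialed requests to this API.` followed by `// Leave CORS_ALLOW_LOCALHOST unset on any publicly reachable deployment.` A startup warning when the flag is on while `NODE_ENV` is `production` would also make a misconfiguration visible. Whether to refuse that combination outright depends on how client-only development is meant to reach the server, which this hunk does not show.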