Merge pull request #1398 from andrewn/chore/allow-cors-localhost

Always allow localhost CORS requests
This commit is contained in:
Cassie Tarakajian 2020-05-26 15:10:02 -04:00 committed by GitHub
commit aff3a2df7f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 4 deletions

View file

@ -2,6 +2,7 @@ API_URL=/editor
AWS_ACCESS_KEY=<your-aws-access-key> AWS_ACCESS_KEY=<your-aws-access-key>
AWS_REGION=<your-aws-region> AWS_REGION=<your-aws-region>
AWS_SECRET_KEY=<your-aws-secret-key> AWS_SECRET_KEY=<your-aws-secret-key>
CORS_ALLOW_LOCALHOST=true
EMAIL_SENDER=<transactional-email-sender> EMAIL_SENDER=<transactional-email-sender>
EMAIL_VERIFY_SECRET_TOKEN=whatever_you_want_this_to_be_it_only_matters_for_production EMAIL_VERIFY_SECRET_TOKEN=whatever_you_want_this_to_be_it_only_matters_for_production
EXAMPLE_USER_EMAIL=examples@p5js.org EXAMPLE_USER_EMAIL=examples@p5js.org

View file

@ -46,17 +46,20 @@ if (process.env.BASIC_USERNAME && process.env.BASIC_PASSWORD) {
})); }));
} }
const corsOriginsWhitelist = [ const allowedCorsOrigins = [
/p5js\.org$/, /p5js\.org$/,
]; ];
// to allow client-only development
if (process.env.CORS_ALLOW_LOCALHOST === 'true') {
allowedCorsOrigins.push(/localhost/);
}
// Run Webpack dev server in development mode // Run Webpack dev server in development mode
if (process.env.NODE_ENV === 'development') { if (process.env.NODE_ENV === 'development') {
const compiler = webpack(config); const compiler = webpack(config);
app.use(webpackDevMiddleware(compiler, { noInfo: true, publicPath: config.output.publicPath })); app.use(webpackDevMiddleware(compiler, { noInfo: true, publicPath: config.output.publicPath }));
app.use(webpackHotMiddleware(compiler)); app.use(webpackHotMiddleware(compiler));
corsOriginsWhitelist.push(/localhost/);
} }
const mongoConnectionString = process.env.MONGO_URL; const mongoConnectionString = process.env.MONGO_URL;
@ -65,7 +68,7 @@ app.set('trust proxy', true);
// Enable Cross-Origin Resource Sharing (CORS) for all origins // Enable Cross-Origin Resource Sharing (CORS) for all origins
const corsMiddleware = cors({ const corsMiddleware = cors({
credentials: true, credentials: true,
origin: corsOriginsWhitelist, origin: allowedCorsOrigins,
}); });
app.use(corsMiddleware); app.use(corsMiddleware);
// Enable pre-flight OPTIONS route for all end-points // Enable pre-flight OPTIONS route for all end-points