From 0353b2605891604cb182a96413e06263c1de5712 Mon Sep 17 00:00:00 2001
From: Mika Vohl
Date: Tue, 19 Nov 2024 15:01:58 -0500
Subject: [PATCH 1/2] Allowed vercel automatic branch deployments in CORS policy
---
 app.js | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/app.js b/app.js
index 2b067bdf..308d3ad9 100755
--- a/app.js
+++ b/app.js
@@ -43,17 +43,32 @@ if (!Services.env.isProduction()) {
 credentials: true
 };
 } else {
- // TODO: change this when necessary
 corsOptions = {
- origin: [
- `https://${process.env.FRONTEND_ADDRESS_DEPLOY}`,
- `https://${process.env.FRONTEND_ADDRESS_BETA}`,
- `https://docs.mchacks.ca`
- ],
+ origin: (origin, callback) => {
+ const allowedOrigins = [
+ `https://${process.env.FRONTEND_ADDRESS_DEPLOY}`,
+ `https://${process.env.FRONTEND_ADDRESS_BETA}`,
+ `https://docs.mchacks.ca`
+ ];
+
+ const regex = /^https:\/\/dashboard-[\w-]+\.vercel\.app$/;
+
+ if (
+ allowedOrigins.includes(origin) || // Explicitly allowed origins
+ regex.test(origin) || // Matches dashboard subdomains
+ !origin // Allow non-origin requests
+ ) {
+ callback(null, true);
+ } else {
+ callback(new Error('Not allowed by CORS'));
+ }
+ },
 credentials: true
 };
 }
 
+
+
 app.use(cors(corsOptions));
 app.use(Services.log.requestLogger);
 app.use(Services.log.errorLogger);
From 2feaf7fe817575b48357609f7a75bee7dbd72dd0 Mon Sep 17 00:00:00 2001
From: Mika Vohl
Date: Tue, 19 Nov 2024 15:07:01 -0500
Subject: [PATCH 2/2] Reject non-origin requests
---
 app.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/app.js b/app.js
index 308d3ad9..7efd85cc 100755
--- a/app.js
+++ b/app.js
@@ -55,8 +55,7 @@ if (!Services.env.isProduction()) {
 
 if (
 allowedOrigins.includes(origin) || // Explicitly allowed origins
- regex.test(origin) || // Matches dashboard subdomains
- !origin // Allow non-origin requests
+ regex.test(origin) // Matches dashboard subdomains
 ) {
 callback(null, true);
 } else {
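Review bot: The pattern `/^https:\/\/dashboard-[\w-]+\.vercel\.app$/` in the new `origin` callback accepts every hostname under vercel.app that starts with `dashboard-`, and vercel.app is a shared domain on which other accounts can register project names of that shape. Since `credentials: true` is kept, any origin that matches is granted credentialed cross-origin read access to this API. Pin the pattern to the project's own deployment suffix (Vercel's generated URLs end in the team or account slug), for example `/^https:\/\/dashboard-git-[\w-]+-<TEAM_SLUG_PLACEHOLDER>\.vercel\.app$/`, or build it from an environment variable as the other entries do. The enclosing `if`/`else` opens above the hunk.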
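Review bot: With the `!origin` branch removed, a request that carries no Origin header now falls through to `callback(new Error('Not allowed by CORS'))` in the else branch just below this hunk, because `allowedOrigins.includes(undefined)` and `regex.test(undefined)` are both false. The first patch's context shows the middleware mounted app-wide via `app.use(cors(corsOptions))`, so same-origin page loads, health probes and server-to-server calls would presumably receive an error response rather than merely no CORS headers. The Origin header can be set freely by non-browser clients, so this check does not authenticate callers and should not stand in for that. If the aim is only to withhold CORS headers from unlisted origins, `callback(null, false);` in the else branch does that without raising. The `if` statement closes outside the hunk.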