From c289541cd5a96fc11d7de0f031982a2cbd2f6af9 Mon Sep 17 00:00:00 2001
From: Kenzo <kenzo.signer@bookageek.ch>
Date: Thu, 18 Dec 2025 13:54:41 +0100
Subject: [PATCH] refactor(cors): simplify origin validation logic in
 `index.ts`

- Streamlined CORS logic by consolidating `allowedOrigins` checks and improving readability.
- Updated callback invocations for consistency and clarity.
---
 backend/src/index.ts | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/backend/src/index.ts b/backend/src/index.ts
index b64ea83..f8f4152 100644
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -46,15 +46,16 @@ fastify.register(cors, {
   origin: (origin, cb) => {
     // Allow requests with no origin (like mobile apps or curl)
     if (!origin) {
-      cb(null, true);
-      return;
+      return cb(null, true);
     }
 
     // Check if origin is in allowed list
-    if (allowedOrigins.some(allowed => origin === allowed || origin.endsWith(allowed))) {
-      cb(null, true);
+    const isAllowed = allowedOrigins.includes(origin);
+
+    if (isAllowed) {
+      return cb(null, true);
     } else {
-      cb(new Error('Not allowed by CORS'), false);
+      return cb(null, false);
     }
   },
   credentials: true,