feat: Support multiple CORS origins and enhance origin validation

- Updated `fly.toml` to allow multiple CORS origins.
- Refactored CORS logic in `index.ts` to validate and support multiple origins, including handling requests with no origin.
2025-12-18 13:51:29 +01:00
parent 4533f6cc3d
commit c9d067b1e3
2 changed files with 17 additions and 2 deletions


@ -14,7 +14,7 @@ primary_region = "ams"
GIT_WORKSPACE_DIR = "/app/data/workspace"
# Cross-site frontend and OAuth
FRONTEND_URL = "https://gallus-pub.ch"
CORS_ORIGIN = "https://gallus-pub.ch"
CORS_ORIGIN = "https://gallus-pub.ch,https://www.gallus-pub.ch"
GITEA_REDIRECT_URI = "https://cms.gallus-pub.ch/api/auth/callback"
[http_service]


@ -40,8 +40,23 @@ const fastify = Fastify({
});
// Register plugins
// Support multiple origins for CORS
const allowedOrigins = env.CORS_ORIGIN.split(',').map(o => o.trim());
fastify.register(cors, {
origin: env.CORS_ORIGIN,
origin: (origin, cb) => {
// Allow requests with no origin (like mobile apps or curl)
if (!origin) {
cb(null, true);
return;
}
// Check if origin is in allowed list
if (allowedOrigins.some(allowed => origin === allowed || origin.endsWith(allowed))) {
cb(null, true);
} else {
cb(new Error('Not allowed by CORS'), false);
}
},
credentials: true,
});
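Review bot: The suffix test in the new origin callback, `origin.endsWith(allowed)`, makes the allow-list looser than the configured values, and it sits on the same registration as `credentials: true`. `allowedOrigins` comes from `split(',').map(o => o.trim())` with empty entries kept, so a trailing comma or an empty `CORS_ORIGIN` yields `''`, and `endsWith('')` is true for every origin; an entry written without its scheme would likewise accept unrelated hosts that merely end in the same string. I would drop blanks and compare exactly: `const allowedOrigins = env.CORS_ORIGIN.split(',').map(o => o.trim()).filter(Boolean);` and `if (allowedOrigins.includes(origin)) {`. If subdomains are meant to be accepted, parse the value with `new URL(origin)` and check the scheme and hostname against an explicit list rather than matching on the raw string. Separately, `cb(new Error('Not allowed by CORS'), false)` likely surfaces as a server error on rejected requests, whereas `cb(null, false)` would simply omit the CORS headers.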