From 871341ab434f8d52d3c849604836344289161461 Mon Sep 17 00:00:00 2001
From: Laurie Voss <github@seldo.com>
Date: Sun, 19 Nov 2023 15:54:53 -0800
Subject: [PATCH] Handle CORS in prod
---
 templates/types/simple/express/index.ts | 12 ++++++++++++
 templates/types/streaming/express/index.ts | 12 ++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/templates/types/simple/express/index.ts b/templates/types/simple/express/index.ts
index 90e67278..daf5d8b6 100644
--- a/templates/types/simple/express/index.ts
+++ b/templates/types/simple/express/index.ts
@@ -8,9 +8,21 @@ const port = 8000;
 const env = process.env["NODE_ENV"];
 const isDevelopment = !env || env === "development";
+const prodCorsOrigin = process.env["PROD_CORS_ORIGIN"];
+
 if (isDevelopment) {
 console.warn("Running in development mode - allowing CORS for all origins");
 app.use(cors());
+} else if (prodCorsOrigin) {
+ console.log(
+ `Running in production mode - allowing CORS for domain: ${prodCorsOrigin}`,
+ );
+ const corsOptions = {
+ origin: prodCorsOrigin, // Restrict to production domain
+ };
+ app.use(cors(corsOptions));
+} else {
+ console.warn("Production CORS origin not set, defaulting to no CORS.");
 }
 app.use(express.text());
diff --git a/templates/types/streaming/express/index.ts b/templates/types/streaming/express/index.ts
index 90e67278..daf5d8b6 100644
--- a/templates/types/streaming/express/index.ts
+++ b/templates/types/streaming/express/index.ts
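Review bot: `PROD_CORS_ORIGIN` goes into `cors()` unvalidated in the new `else if (prodCorsOrigin)` branch, so setting it to `*` allows every origin in production while the log line reports a single domain, and a trailing slash or comma-separated list would be sent as an `Access-Control-Allow-Origin` value that no browser `Origin` header matches. Normalise and check it at startup, e.g. `const allowedOrigins = prodCorsOrigin.split(",").map((o) => new URL(o.trim()).origin);` with `origin: allowedOrigins`, which throws on `*` or a malformed entry instead of serving a wrong policy. The identical hunk in `templates/types/streaming/express/index.ts` needs the same change. Separately, the context line `!env || env === "development"` means an unset `NODE_ENV` still takes the allow-all branch, so the restriction only applies when `NODE_ENV` is set explicitly; a comment saying so above `prodCorsOrigin` would help deployers.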
@@ -8,9 +8,21 @@ const port = 8000;
 const env = process.env["NODE_ENV"];
 const isDevelopment = !env || env === "development";
+const prodCorsOrigin = process.env["PROD_CORS_ORIGIN"];
+
 if (isDevelopment) {
 console.warn("Running in development mode - allowing CORS for all origins");
 app.use(cors());
+} else if (prodCorsOrigin) {
+ console.log(
+ `Running in production mode - allowing CORS for domain: ${prodCorsOrigin}`,
+ );
+ const corsOptions = {
+ origin: prodCorsOrigin, // Restrict to production domain
+ };
+ app.use(cors(corsOptions));
+} else {
+ console.warn("Production CORS origin not set, defaulting to no CORS.");
 }
 app.use(express.text());
-- GitLab