Enhance CORS Configuration for Production Security

📌 Removed the wildcard (*) origin and replaced it with trusted origins from .env. 📌 Introduced environment variable (CORS_ALLOWED_ORIGINS) for dynamic origin management. 📌 Improved security by blocking untrusted origins and methods. 📌 Enhanced performance with maxAge for caching preflight responses. 📌 No breaking changes, as the fallback origin is set to http://localhost:4000 for development, ensuring compatibility with local setups.
author: Divyansh <[email protected]> 2024-10-01 04:55:14 +0000
committer: Divyansh <[email protected]> 2024-10-01 04:55:14 +0000
commit: 91fd0918c319519bf20f3bdcb2287a5c85ffa7d1 (patch)
tree: 474d38eac226e53e41375ae25582b0cc94e1d3d5 /.env.example
parent: dbbd46a99d8690307837e831a8130704e0d63feb (diff)
download: aniwatch-api-91fd0918c319519bf20f3bdcb2287a5c85ffa7d1.tar.xz
aniwatch-api-91fd0918c319519bf20f3bdcb2287a5c85ffa7d1.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/.env.example b/.env.example
index 6829a4e..5dfc8a5 100644
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,6 @@
 DOMAIN = "aniwatchtv.to"
 PORT = 4000
+CORS_ALLOWED_ORIGINS = https://your-production-domain.com,https://another-trusted-domain.com
 
 # RATE LIMIT
 WINDOWMS = 1800000     # duration to track requests (in milliseconds) for rate limiting. here, 30*60*1000 = 1800000 = 30 minutes
author	Divyansh <[email protected]>	2024-10-01 04:55:14 +0000
committer	Divyansh <[email protected]>	2024-10-01 04:55:14 +0000
commit	91fd0918c319519bf20f3bdcb2287a5c85ffa7d1 (patch)
tree	474d38eac226e53e41375ae25582b0cc94e1d3d5 /.env.example
parent	dbbd46a99d8690307837e831a8130704e0d63feb (diff)
download	aniwatch-api-91fd0918c319519bf20f3bdcb2287a5c85ffa7d1.tar.xz aniwatch-api-91fd0918c319519bf20f3bdcb2287a5c85ffa7d1.zip