diff options
| author | Ritesh Ghosh <[email protected]> | 2024-10-04 12:17:57 +0530 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-10-04 12:17:57 +0530 |
| commit | 3813902aaa4452612ef0b4a792a294a97581c87c (patch) | |
| tree | 474d38eac226e53e41375ae25582b0cc94e1d3d5 | |
| parent | dbbd46a99d8690307837e831a8130704e0d63feb (diff) | |
| parent | 91fd0918c319519bf20f3bdcb2287a5c85ffa7d1 (diff) | |
| download | aniwatch-api-3813902aaa4452612ef0b4a792a294a97581c87c.tar.xz aniwatch-api-3813902aaa4452612ef0b4a792a294a97581c87c.zip | |
Merge pull request #64 from divyansh355/main
Enhance CORS Configuration for Production Security
| -rw-r--r-- | .env.example | 1 | ||||
| -rw-r--r-- | src/config/cors.ts | 21 |
2 files changed, 19 insertions, 3 deletions
diff --git a/.env.example b/.env.example index 6829a4e..5dfc8a5 100644 --- a/.env.example +++ b/.env.example @@ -1,5 +1,6 @@ DOMAIN = "aniwatchtv.to" PORT = 4000 +CORS_ALLOWED_ORIGINS = https://your-production-domain.com,https://another-trusted-domain.com # RATE LIMIT WINDOWMS = 1800000 # duration to track requests (in milliseconds) for rate limiting. here, 30*60*1000 = 1800000 = 30 minutes diff --git a/src/config/cors.ts b/src/config/cors.ts index b82f40a..9cbf836 100644 --- a/src/config/cors.ts +++ b/src/config/cors.ts @@ -1,10 +1,25 @@ -import cors from "cors"; +import cors from 'cors'; +import dotenv from 'dotenv'; + +dotenv.config(); + +const allowedOrigins = process.env.CORS_ALLOWED_ORIGINS + ? process.env.CORS_ALLOWED_ORIGINS.split(",") + : ["http://localhost:4000"]; const corsConfig = cors({ - origin: "*", - methods: "GET", + origin: function (origin, callback) { + if (!origin || allowedOrigins.includes(origin)) { + callback(null, true); + } else { + callback(new Error("Not allowed by CORS")); + } + }, + methods: ["GET"], credentials: true, optionsSuccessStatus: 200, + maxAge: 600, }); export default corsConfig; + |
