diff options
| -rw-r--r-- | .env.example | 1 | ||||
| -rw-r--r-- | src/config/cors.ts | 21 |
2 files changed, 19 insertions, 3 deletions
diff --git a/.env.example b/.env.example index 6829a4e..5dfc8a5 100644 --- a/.env.example +++ b/.env.example @@ -1,5 +1,6 @@ DOMAIN = "aniwatchtv.to" PORT = 4000 +CORS_ALLOWED_ORIGINS = https://your-production-domain.com,https://another-trusted-domain.com # RATE LIMIT WINDOWMS = 1800000 # duration to track requests (in milliseconds) for rate limiting. here, 30*60*1000 = 1800000 = 30 minutes diff --git a/src/config/cors.ts b/src/config/cors.ts index b82f40a..9cbf836 100644 --- a/src/config/cors.ts +++ b/src/config/cors.ts @@ -1,10 +1,25 @@ -import cors from "cors"; +import cors from 'cors'; +import dotenv from 'dotenv'; + +dotenv.config(); + +const allowedOrigins = process.env.CORS_ALLOWED_ORIGINS + ? process.env.CORS_ALLOWED_ORIGINS.split(",") + : ["http://localhost:4000"]; const corsConfig = cors({ - origin: "*", - methods: "GET", + origin: function (origin, callback) { + if (!origin || allowedOrigins.includes(origin)) { + callback(null, true); + } else { + callback(new Error("Not allowed by CORS")); + } + }, + methods: ["GET"], credentials: true, optionsSuccessStatus: 200, + maxAge: 600, }); export default corsConfig; + |
