aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.env.example1
-rw-r--r--src/config/cors.ts21
2 files changed, 19 insertions, 3 deletions
diff --git a/.env.example b/.env.example
index 6829a4e..5dfc8a5 100644
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,6 @@
DOMAIN = "aniwatchtv.to"
PORT = 4000
+CORS_ALLOWED_ORIGINS = https://your-production-domain.com,https://another-trusted-domain.com
# RATE LIMIT
WINDOWMS = 1800000 # duration to track requests (in milliseconds) for rate limiting. here, 30*60*1000 = 1800000 = 30 minutes
diff --git a/src/config/cors.ts b/src/config/cors.ts
index b82f40a..9cbf836 100644
--- a/src/config/cors.ts
+++ b/src/config/cors.ts
@@ -1,10 +1,25 @@
-import cors from "cors";
+import cors from 'cors';
+import dotenv from 'dotenv';
+
+dotenv.config();
+
+const allowedOrigins = process.env.CORS_ALLOWED_ORIGINS
+ ? process.env.CORS_ALLOWED_ORIGINS.split(",")
+ : ["http://localhost:4000"];
const corsConfig = cors({
- origin: "*",
- methods: "GET",
+ origin: function (origin, callback) {
+ if (!origin || allowedOrigins.includes(origin)) {
+ callback(null, true);
+ } else {
+ callback(new Error("Not allowed by CORS"));
+ }
+ },
+ methods: ["GET"],
credentials: true,
optionsSuccessStatus: 200,
+ maxAge: 600,
});
export default corsConfig;
+