From ea6e14059d8904c83f16ef65dc30dfde70ca78d8 Mon Sep 17 00:00:00 2001 From: Bobby Date: Mon, 21 Mar 2022 04:48:28 -0400 Subject: force check referer before api request --- server.js | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) (limited to 'server.js') diff --git a/server.js b/server.js index eb79ff0..8c1024e 100644 --- a/server.js +++ b/server.js @@ -2,16 +2,12 @@ const express = require("express"); const bodyParser = require("body-parser"); const cors = require("cors"); - // Import the routes const routes = require("./routes"); // Create the server const app = express(); -var allowedOrigins = [ - "http://localhost:3000", - "https://thatcomputerscientist.com", -]; + app.use(function (req, res, next) { if ( req.get("X-Forwarded-Proto") === "http" && @@ -32,18 +28,9 @@ app.use( extended: true, }) ); -app.use( - cors({ - origin: function (origin, callback) { - // Block everything except the allowed origins - if (allowedOrigins.indexOf(origin) !== -1) { - callback(null, true); - } else { - callback(new Error("Not allowed by CORS")); - } - }, - }) -); + +app.use(cors()); + app.use("/static", express.static(__dirname + "/static")); app.use(express.static(__dirname + "/public")); app.engine("html", require("ejs").renderFile); -- cgit v1.2.3
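Review bot: `app.use(cors())` in the second hunk answers every route with `Access-Control-Allow-Origin: *`, so the origin allowlist removed in the first hunk is no longer enforced anywhere in server.js. The Referer check named in the commit subject is not visible in this diff (presumably it lives in the routes). Referer is a client-supplied header that non-browser clients can set to any value and that browsers may omit under a strict Referrer-Policy, so it should not be the only gate on the API. If the old callback was dropped because it rejected requests that carry no Origin header, keeping `allowedOrigins` and passing it as a list, `app.use(cors({ origin: allowedOrigins }));`, still restricts cross-origin reads without raising an error on those requests.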