Allow CORS from both localhost and production domain
All checks were successful
Build Frontend / Build Frontend (push) Successful in 9s
All checks were successful
Build Frontend / Build Frontend (push) Successful in 9s
This commit is contained in:
17
index.js
17
index.js
@@ -61,23 +61,30 @@ const createServer = () => {
|
||||
* Register plugins
|
||||
*/
|
||||
const registerPlugins = async (fastify) => {
|
||||
// CORS - Allow requests from file:// protocol for test client
|
||||
// CORS - Allow both local development and production
|
||||
await fastify.register(fastifyCors, {
|
||||
origin: (origin, callback) => {
|
||||
const allowedOrigins = [
|
||||
"http://localhost:5173",
|
||||
"http://127.0.0.1:5173",
|
||||
"https://turbotrades.dev",
|
||||
config.cors.origin,
|
||||
];
|
||||
|
||||
// Allow requests from file:// protocol (local HTML files)
|
||||
if (!origin || origin === "null" || origin === config.cors.origin) {
|
||||
if (!origin || origin === "null") {
|
||||
callback(null, true);
|
||||
return;
|
||||
}
|
||||
|
||||
// In development, allow localhost on any port
|
||||
// Allow localhost on any port in development
|
||||
if (config.isDevelopment && origin.includes("localhost")) {
|
||||
callback(null, true);
|
||||
return;
|
||||
}
|
||||
|
||||
// Otherwise, check if it matches configured origin
|
||||
if (origin === config.cors.origin) {
|
||||
// Check if origin is in allowed list
|
||||
if (allowedOrigins.includes(origin)) {
|
||||
callback(null, true);
|
||||
} else {
|
||||
callback(new Error("Not allowed by CORS"), false);
|
||||
|
||||
Reference in New Issue
Block a user