Skip to content

Commit 03372f0

Browse files
nicolelim02nicolelim02
committed
Fix cors error
1 parent 0a55a23 commit 03372f0

File tree

2 files changed

+34
-25
lines changed

2 files changed

+34
-25
lines changed

backend/user-service/.env.sample

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,3 +8,6 @@ JWT_SECRET=you-can-replace-this-with-your-own-secret
88
ADMIN_USERNAME=administrator
99
ADMIN_EMAIL=[email protected]
1010
ADMIN_PASSWORD=Admin@123
11+
12+
# origins for cors
13+
ORIGINS=["http://localhost:5173", "http://127.0.0.1:5173"]

backend/user-service/app.ts

Lines changed: 31 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -1,51 +1,57 @@
11
import express, { Request, Response, NextFunction } from "express";
22
import cors from "cors";
3+
import dotenv from "dotenv";
34
import fs from "fs";
45
import yaml from "yaml";
56
import swaggerUi from "swagger-ui-express";
67

78
import userRoutes from "./routes/user-routes.js";
89
import authRoutes from "./routes/auth-routes.js";
910

11+
dotenv.config();
12+
1013
const file = fs.readFileSync("./swagger.yml", "utf-8");
1114
const swaggerDocument = yaml.parse(file);
15+
const origin = process.env.ORIGINS
16+
? process.env.ORIGINS.split(",")
17+
: ["http://localhost:5173", "http://127.0.0.1:5173"];
1218

1319
const app = express();
1420

1521
app.use(express.urlencoded({ extended: true }));
1622
app.use(express.json());
1723
app.use(
1824
cors({
19-
origin: ["http://localhost:5173", "http://127.0.0.1:5173"],
25+
origin: origin,
2026
credentials: true,
2127
})
2228
); // config cors so that front-end can use
23-
// app.options(
24-
// "*",
25-
// cors({
26-
// origin: ["http://localhost:5173", "http://127.0.0.1:5173"],
27-
// credentials: true,
28-
// })
29-
// );
29+
app.options(
30+
"*",
31+
cors({
32+
origin: ["http://localhost:5173", "http://127.0.0.1:5173"],
33+
credentials: true,
34+
})
35+
);
3036

3137
// To handle CORS Errors
32-
// app.use((req: Request, res: Response, next: NextFunction) => {
33-
// res.header("Access-Control-Allow-Origin", "*"); // "*" -> Allow all links to access
34-
35-
// res.header(
36-
// "Access-Control-Allow-Headers",
37-
// "Origin, X-Requested-With, Content-Type, Accept, Authorization"
38-
// );
39-
40-
// // Browsers usually send this before PUT or POST Requests
41-
// if (req.method === "OPTIONS") {
42-
// res.header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH");
43-
// return res.status(200).json({});
44-
// }
45-
46-
// // Continue Route Processing
47-
// next();
48-
// });
38+
app.use((req: Request, res: Response, next: NextFunction) => {
39+
res.header("Access-Control-Allow-Origin", req.headers.origin); // "*" -> Allow all links to access
40+
41+
res.header(
42+
"Access-Control-Allow-Headers",
43+
"Origin, X-Requested-With, Content-Type, Accept, Authorization"
44+
);
45+
46+
// Browsers usually send this before PUT or POST Requests
47+
if (req.method === "OPTIONS") {
48+
res.header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH");
49+
return res.status(200).json({});
50+
}
51+
52+
// Continue Route Processing
53+
next();
54+
});
4955

5056
app.use("/api/users", userRoutes);
5157
app.use("/api/auth", authRoutes);

0 commit comments

Comments
 (0)