From 811c4e35b3c38f4ac5f5e863c793dd57995033c1 Mon Sep 17 00:00:00 2001
From: CANCI0 <martinlol831@gmail.com>
Date: Tue, 2 Apr 2024 18:52:25 +0200
Subject: [PATCH] Solventado fallo de seguridad

---
 users/userservice/user-service.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/users/userservice/user-service.js b/users/userservice/user-service.js
index 4a483b8c..00b7e2d5 100644
--- a/users/userservice/user-service.js
+++ b/users/userservice/user-service.js
@@ -9,7 +9,20 @@ const app = express();
 const port = 8001;
 
 const cors = require('cors');
-app.use(cors());
+
+const corsOptions = {
+  origin: [
+    process.env.AUTH_SERVICE_URL || "http://localhost:8000",
+    process.env.USER_SERVICE_URL || "http://localhost:8001",
+    process.env.QUESTION_SERVICE_URL || "http://localhost:8002",
+    process.env.STATS_SERVICE_URL || "http://localhost:8003",
+    process.env.GATEWAY_SERVICE_URL || "http://localhost:8004",
+    process.env.MONGODB_URI || "mongodb://localhost:27017/userdb",
+    process.env.MONGODB_STATS_URI || "mongodb://localhost:27017/statsdb"
+  ],
+};
+
+app.use(cors(corsOptions));
 
 // Middleware to parse JSON in request body
 app.use(bodyParser.json());