From af68663da4873e9b715a2214ec513de94abe5c84 Mon Sep 17 00:00:00 2001 From: Joel Anton Date: Wed, 17 Apr 2024 10:17:26 -0700 Subject: [PATCH 1/2] fix: Use origin instead of host --- apps/api/src/config/cors.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/api/src/config/cors.ts b/apps/api/src/config/cors.ts index 434bd422c11..3c81d9a2780 100644 --- a/apps/api/src/config/cors.ts +++ b/apps/api/src/config/cors.ts @@ -10,7 +10,7 @@ export const corsOptionsDelegate: Parameters[0] methods: ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'], }; - const host = (req.headers as any)?.host || ''; + const origin = (req.headers as any)?.origin || ''; if (['test', 'local'].includes(process.env.NODE_ENV) || isWidgetRoute(req.url) || isBlueprintRoute(req.url)) { corsOptions.origin = '*'; @@ -23,12 +23,12 @@ export const corsOptionsDelegate: Parameters[0] const shouldDisableCorsForPreviewUrls = process.env.PR_PREVIEW_ROOT_URL && process.env.NODE_ENV === 'dev' && - host.includes(process.env.PR_PREVIEW_ROOT_URL); + origin.includes(process.env.PR_PREVIEW_ROOT_URL); Logger.verbose(`Should allow deploy preview? ${shouldDisableCorsForPreviewUrls ? 'Yes' : 'No'}.`, { curEnv: process.env.NODE_ENV, previewUrlRoot: process.env.PR_PREVIEW_ROOT_URL, - host, + origin, }); if (shouldDisableCorsForPreviewUrls) { From c00c0e2598e68ca75da8b1540da7783f360b8e1a Mon Sep 17 00:00:00 2001 From: Joel Anton Date: Wed, 17 Apr 2024 10:21:44 -0700 Subject: [PATCH 2/2] test: Update tests --- apps/api/src/config/cors.spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/api/src/config/cors.spec.ts b/apps/api/src/config/cors.spec.ts index b820d802f87..b60af15b969 100644 --- a/apps/api/src/config/cors.spec.ts +++ b/apps/api/src/config/cors.spec.ts @@ -71,7 +71,7 @@ describe('CORS Configuration', () => { { url: '/v1/test', headers: { - host: 'https://test--' + process.env.PR_PREVIEW_ROOT_URL, + origin: 'https://test--' + process.env.PR_PREVIEW_ROOT_URL, }, }, callbackSpy