Skip to content

feat: configure CORS allowed origins for production#2

Open
DeFiVC wants to merge 1 commit into
mainfrom
feat/cors-allowed-origins
Open

feat: configure CORS allowed origins for production#2
DeFiVC wants to merge 1 commit into
mainfrom
feat/cors-allowed-origins

Conversation

@DeFiVC

@DeFiVC DeFiVC commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add allowedOrigins config field with ALLOWED_ORIGINS env var (comma-separated)
  • Replace permissive origin: true with configured origins list
  • Add credentials: true to CORS config
  • Update .env.example with ALLOWED_ORIGINS entry

Closes #12

Test plan

  1. Set ALLOWED_ORIGINS=http://localhost:3000 — requests from localhost:3000 succeed, others fail
  2. Set ALLOWED_ORIGINS=http://localhost:3000,https://chainlearn.io — both origins work
  3. Default (no env var) — falls back to http://localhost:3000

- Add allowedOrigins config with comma-separated env var support
- Replace permissive origin:true with configured origins
- Add ALLOWED_ORIGINS to .env.example
@DeFiVC

DeFiVC commented Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

Review Summary

CORS configuration is correct and minimal (3 files, +9/-1).

What's Good

  • Zod .transform() for comma-separated env var parsing
  • Sensible default http://localhost:3000
  • credentials: true for proper CORS support

CI Note

  • "Lint & Typecheck" failed at actions/setup-node@v4 — pre-existing CI infra issue (missing Node.js setup step), not from this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant