Merge pull request #2342 from betagouv/hotfix/cors

hotfix: use a config var env for obs cors
betagouv · Dec 13, 2023 · 39551b8 · 39551b8
2 parents 9f2dba5 + b385b81
commit 39551b8
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 10 deletions.
diff --git a/api/proxy/src/HttpTransport.ts b/api/proxy/src/HttpTransport.ts
@@ -184,18 +184,11 @@ export class HttpTransport implements TransportInterface {
       }),
     );
 
-    // use CORS asynchronously to log the calls and check against a list of domains
     this.app.use(
       /\/(observatory|geo\/search)/i,
-      cors((req: Request, callback) => {
-        const domains = [
-          'https://demo.covoiturage.beta.gouv.fr',
-          'https://covoiturage.beta.gouv.fr',
-          'http://localhost:4200',
-        ];
-        const origin = req.header('Origin') || '';
-        const error = domains.includes(origin) ? null : new Error(`CORS: ${origin} is not allowed`);
-        callback(error, { origin: true, optionsSuccessStatus: 200 });
+      cors({
+        origin: this.config.get('proxy.observatoryCors'),
+        optionsSuccessStatus: 200,
       }),
     );
 

diff --git a/api/proxy/src/config/proxy.ts b/api/proxy/src/config/proxy.ts
@@ -25,3 +25,4 @@ export const rpc = {
 };
 
 export const cors = env.or_fail('APP_CORS', appUrl);
+export const observatoryCors = env.or_fail('APP_OBSERVATORY_CORS', appUrl).split(',');
Original file line number	Diff line number	Diff line change
Expand Up		@@ -25,3 +25,4 @@ export const rpc = {
		};

		export const cors = env.or_fail('APP_CORS', appUrl);
		export const observatoryCors = env.or_fail('APP_OBSERVATORY_CORS', appUrl).split(',');