From bbdc63f61c9cc67ff769bf6125e533b46e630b35 Mon Sep 17 00:00:00 2001
From: Sorrel Bri <sorrel.bri.june@gmail.com>
Date: Tue, 7 Jan 2020 13:43:20 -0800
Subject: [PATCH] restrict CORS to env defined origin

---
 packages/play-node-go/server/package-lock.json | 5 +++++
 packages/play-node-go/server/package.json      | 1 +
 packages/play-node-go/server/server.js         | 5 ++++-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/packages/play-node-go/server/package-lock.json b/packages/play-node-go/server/package-lock.json
index a3f637d..afeaa08 100644
--- a/packages/play-node-go/server/package-lock.json
+++ b/packages/play-node-go/server/package-lock.json
@@ -269,6 +269,11 @@
       "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
       "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
     },
+    "dotenv": {
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz",
+      "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw=="
+    },
     "ee-first": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
diff --git a/packages/play-node-go/server/package.json b/packages/play-node-go/server/package.json
index dce4107..822b6ea 100644
--- a/packages/play-node-go/server/package.json
+++ b/packages/play-node-go/server/package.json
@@ -11,6 +11,7 @@
     "cookie-parser": "~1.4.4",
     "cors": "^2.8.5",
     "debug": "~2.6.9",
+    "dotenv": "^8.2.0",
     "express": "~4.16.1",
     "http-errors": "~1.6.3",
     "morgan": "~1.9.1",
diff --git a/packages/play-node-go/server/server.js b/packages/play-node-go/server/server.js
index 32924a7..fbbe70d 100644
--- a/packages/play-node-go/server/server.js
+++ b/packages/play-node-go/server/server.js
@@ -6,13 +6,16 @@ const path = require('path');
 const cookieParser = require('cookie-parser');
 const logger = require('morgan');
 
+const dotenv = require('dotenv');
+dotenv.config();
+
 const indexRouter = require('./routes/index');
 const usersRouter = require('./routes/users');
 
 const app = express();
 
 const corsOptions = {
-  origin: '*'
+  origin: process.env.REACT_ADDRESS
 }
 
 app.options('*', cors(corsOptions));