From da1dc694f3da5adbf27b31fb7eef0e1bdb39b74f Mon Sep 17 00:00:00 2001 From: Sorrel Bri Date: Tue, 7 Jan 2020 13:43:20 -0800 Subject: [PATCH] restrict CORS to env defined origin --- server/package-lock.json | 5 +++++ server/package.json | 1 + server/server.js | 5 ++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/server/package-lock.json b/server/package-lock.json index a3f637d..afeaa08 100644 --- a/server/package-lock.json +++ b/server/package-lock.json @@ -269,6 +269,11 @@ "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA=" }, + "dotenv": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz", + "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw==" + }, "ee-first": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", diff --git a/server/package.json b/server/package.json index dce4107..822b6ea 100644 --- a/server/package.json +++ b/server/package.json @@ -11,6 +11,7 @@ "cookie-parser": "~1.4.4", "cors": "^2.8.5", "debug": "~2.6.9", + "dotenv": "^8.2.0", "express": "~4.16.1", "http-errors": "~1.6.3", "morgan": "~1.9.1", diff --git a/server/server.js b/server/server.js index 32924a7..fbbe70d 100644 --- a/server/server.js +++ b/server/server.js @@ -6,13 +6,16 @@ const path = require('path'); const cookieParser = require('cookie-parser'); const logger = require('morgan'); +const dotenv = require('dotenv'); +dotenv.config(); + const indexRouter = require('./routes/index'); const usersRouter = require('./routes/users'); const app = express(); const corsOptions = { - origin: '*' + origin: process.env.REACT_ADDRESS } app.options('*', cors(corsOptions));