From 55b15bf820ea89d2511f7794fb38c04f6e2363dc Mon Sep 17 00:00:00 2001
From: Andrew Nicolaou
Date: Sun, 12 Mar 2017 22:46:16 +0100
Subject: [PATCH 1/2] Enable CORS for all origins and requests on API
---
 package.json | 3 ++-
 server/server.js | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 399774cc90..2f34692821 100644
--- a/package.json
+++ b/package.json
@@ -69,6 +69,7 @@
 "codemirror": "^5.21.0",
 "connect-mongo": "^1.2.0",
 "cookie-parser": "^1.4.1",
+ "cors": "^2.8.1",
 "csslint": "^0.10.0",
 "dotenv": "^2.0.0",
 "dropzone": "^4.3.0",
@@ -91,8 +92,8 @@
 "passport": "^0.3.2",
 "passport-github": "^1.1.0",
 "passport-local": "^1.0.0",
- "q": "^1.4.1",
 "project-name-generator": "^2.1.3",
+ "q": "^1.4.1",
 "react": "^15.1.0",
 "react-dom": "^15.1.0",
 "react-inlinesvg": "^0.4.2",
diff --git a/server/server.js b/server/server.js
index af8a55aee8..6b17ae45df 100644
--- a/server/server.js
+++ b/server/server.js
@@ -2,6 +2,7 @@ import Express from 'express';
 import mongoose from 'mongoose';
 import bodyParser from 'body-parser';
 import cookieParser from 'cookie-parser';
+import cors from 'cors';
 import session from 'express-session';
 import connectMongo from 'connect-mongo';
 import passport from 'passport';
@@ -36,6 +37,11 @@ if (process.env.NODE_ENV === 'development') {
 app.use(webpackHotMiddleware(compiler));
 }
+// Enable Cross-Origin Resource Sharing (CORS) for all origins
+app.use(cors());
+// Enable pre-flight OPTIONS route for all end-points
+app.options('*', cors());
+
 // Body parser, cookie parser, sessions, serve public assets
 app.use(Express.static(path.resolve(__dirname, '../static')));
From 6c27a395bc75cf96500fc174bf114e7ef5cdc817 Mon Sep 17 00:00:00 2001
From: Andrew Nicolaou
Date: Wed, 22 Mar 2017 23:47:34 +0100
Subject: [PATCH 2/2] Whitelist CORS origins: *.p5js.org in production and also localhost in development
---
 server/server.js | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/server/server.js b/server/server.js
index 6b17ae45df..07931c0d71 100644
--- a/server/server.js
+++ b/server/server.js
@@ -30,17 +30,27 @@ import { get404Sketch } from './views/404Page';
 const app = new Express();
 const MongoStore = connectMongo(session);
+const corsOriginsWhitelist = [
+ /p5js\.org$/,
+];
+
 // Run Webpack dev server in development mode
 if (process.env.NODE_ENV === 'development') {
 const compiler = webpack(config);
 app.use(webpackDevMiddleware(compiler, { noInfo: true, publicPath: config.output.publicPath }));
 app.use(webpackHotMiddleware(compiler));
+
+ corsOriginsWhitelist.push(/localhost/);
 }
 // Enable Cross-Origin Resource Sharing (CORS) for all origins
-app.use(cors());
+const corsMiddleware = cors({
+ credentials: true,
+ origin: corsOriginsWhitelist,
+});
+app.use(corsMiddleware);
 // Enable pre-flight OPTIONS route for all end-points
-app.options('*', cors());
+app.options('*', corsMiddleware);
 // Body parser, cookie parser, sessions, serve public assets
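Review bot: The two whitelist patterns added here accept more than the commit title describes: `/p5js\.org$/` has no start anchor or host boundary, so any origin whose host simply ends in `p5js.org` (including an unrelated registered domain, or a plain-http origin) passes, and `/localhost/` passes any origin that contains that word anywhere. Because the same hunk sets `credentials: true`, every origin that passes is allowed to make cookie-bearing requests and read the responses, so I would pin scheme and host, e.g. `/^https:\/\/([a-z0-9-]+\.)*p5js\.org$/` (assuming production is served over https only) and `/^https?:\/\/localhost(:\d+)?$/`. The context comment `// Enable Cross-Origin Resource Sharing (CORS) for all origins` no longer matches the code and should read something like `// Enable CORS for whitelisted origins only`. `corsMiddleware` is also mounted on the whole app, ahead of the static/session setup that the following comment introduces; if only the API routes need cross-origin access, mounting it on that router would narrow what credentialed cross-origin callers can reach.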