From 97c732196921e0de63f6d49f61bfef81efe8185e Mon Sep 17 00:00:00 2001
From: Chaitanya-chute <chaitanyachute11@gmail.com>
Date: Fri, 15 May 2026 15:38:30 +0530
Subject: [PATCH] fix: enable CORS credentials and send auth cookies

---
 backend/server.js           | 10 +++++++++-
 src/pages/Login/Login.tsx   |  8 ++++++--
 src/pages/Signup/Signup.tsx |  6 ++++--
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/backend/server.js b/backend/server.js
index 3f19f00..306d71e 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -12,7 +12,15 @@ require('./config/passportConfig');
 const app = express();
 
 // CORS configuration
-app.use(cors('*'));
+const allowedOrigins = (process.env.FRONTEND_URL || 'http://localhost:5173')
+    .split(',')
+    .map((origin) => origin.trim())
+    .filter(Boolean);
+
+app.use(cors({
+    origin: allowedOrigins,
+    credentials: true,
+}));
 
 // Middleware
 app.use(bodyParser.json());
diff --git a/src/pages/Login/Login.tsx b/src/pages/Login/Login.tsx
index e77ee3b..85de642 100644
--- a/src/pages/Login/Login.tsx
+++ b/src/pages/Login/Login.tsx
@@ -30,11 +30,15 @@ const Login: React.FC = () => {
     setIsLoading(true);
 
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/login`, formData);
+      const response = await axios.post(
+        `${backendUrl}/api/auth/login`,
+        formData,
+        { withCredentials: true }
+      );
       setMessage(response.data.message);
 
       if (response.data.message === 'Login successful') {
-        navigate("/");
+        navigate("/home");
       }
     } catch (error: any) {
       setMessage(error.response?.data?.message || "Something went wrong");
diff --git a/src/pages/Signup/Signup.tsx b/src/pages/Signup/Signup.tsx
index d03a921..07ee7ec 100644
--- a/src/pages/Signup/Signup.tsx
+++ b/src/pages/Signup/Signup.tsx
@@ -25,8 +25,10 @@ const navigate = useNavigate();
   const handleSubmit = async (e: React.FormEvent) => {
     e.preventDefault();
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/signup`,
-        formData // Include cookies for session
+      const response = await axios.post(
+        `${backendUrl}/api/auth/signup`,
+        formData,
+        { withCredentials: true }
       );
       setMessage(response.data.message); // Show success message from backend