diff --git a/.env.development.example b/.env.development.example
index 7a0814a..bf3f9fa 100644
--- a/.env.development.example
+++ b/.env.development.example
@@ -3,4 +3,5 @@ GITHUB_CLIENT_SECRET=your_github_oauth_client_secret
 GITHUB_AUTH_ISSUER=https://your_unique_authentication_issuer
 JWT_PRIVATE_KEY_PATH=./private-key.pem
 JWT_PUBLIC_KEY_PATH=./public-key.pem
-JWT_KEY_ID=your-api-key-1
\ No newline at end of file
+JWT_KEY_ID=your-api-key-1
+CORS_ORIGIN=
\ No newline at end of file
diff --git a/.env.production.example b/.env.production.example
index d54d869..29e8db1 100644
--- a/.env.production.example
+++ b/.env.production.example
@@ -2,4 +2,5 @@ GITHUB_CLIENT_ID=your_github_oauth_client_id
 GITHUB_CLIENT_SECRET=your_github_oauth_client_secret
 GITHUB_AUTH_ISSUER=https://your_unique_authentication_issuer
 COOKIE_DOMAIN=.yourdomain.com
-COOKIE_SAME_SITE=lax
\ No newline at end of file
+COOKIE_SAME_SITE=lax
+CORS_ORIGIN=
\ No newline at end of file
diff --git a/README.md b/README.md
index 10356c5..041a17c 100644
--- a/README.md
+++ b/README.md
@@ -35,9 +35,10 @@ GITHUB_AUTH_ISSUER=https://your-domain.com/auth/github
 > [!NOTE]
 > The issuer must be unique for the service. The authentication modules use it to distinguish the providers.
 
-3. (Optional) Configure cookie settings for cross-subdomain support in `.env.production`:
+3. (Optional) Configure CORS and cookie settings in `.env.production`:
 
 ```bash
+CORS_ORIGIN=https://yourapp.yourdomain.com
 COOKIE_DOMAIN=.yourdomain.com
 COOKIE_SAME_SITE=lax
 ```
diff --git a/bunfig.toml b/bunfig.toml
index a1f7644..9e75dd2 100644
--- a/bunfig.toml
+++ b/bunfig.toml
@@ -1,2 +1,2 @@
 [test]
-preload = ["./test-setup.ts"]
\ No newline at end of file
+preload = ["./test-setup.ts"]
diff --git a/src/server.ts b/src/server.ts
index f38bf1a..5e1cc80 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -17,6 +17,8 @@ import { exchangePrice, ExchangePriceSchema } from './handlers/exchange/price';
 
 const { version: appVersion, name: appName, description: appDescription } = packageJson;
 
+const corsOrigin = process.env.CORS_ORIGIN;
+
 export const app = new Elysia()
 .error({
 FetchApiError,
@@ -44,7 +46,11 @@ export const app = new Elysia()
 }
 })
 )
- .use(cors())
+ .use(
+ cors({
+ ...(corsOrigin !== undefined && { origin: corsOrigin })
+ })
+ )
 .decorate('github', new GitHubDecorator())
 .decorate('jwt', new JwtDecorator())
 .decorate('exchange', new ExchangeDecorator())
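Review bot: `const corsOrigin = process.env.CORS_ORIGIN;` in the first hunk treats an empty value as a configured one: both example files in this commit ship `CORS_ORIGIN=`, which a dotenv-style loader normally exposes as `''`, and `''` passes the later `corsOrigin !== undefined` test, so `origin: ''` is handed to `cors()`. How the plugin interprets an empty origin string is not visible on this page and may differ between versions, so copying the example unchanged produces an origin policy nobody chose. Normalising at the read avoids that: `const corsOrigin = process.env.CORS_ORIGIN?.trim() || undefined;`.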
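Review bot: An unset `CORS_ORIGIN` still leaves the API on the plugin's default origin policy, because the spread in `cors({ ...(corsOrigin !== undefined && { origin: corsOrigin }) })` passes no `origin` at all, exactly like the removed `.use(cors())`. If this is `@elysiajs/cors`, its documented defaults are `origin: true` (the caller's `Origin` is accepted) with credentials allowed, which matters for a service that sets cookies scoped by `COOKIE_DOMAIN`, and the README still lists the setting as optional. I would fail closed in production, e.g. `if (process.env.NODE_ENV === 'production' && !corsOrigin) throw new Error('CORS_ORIGIN is required in production');` ahead of `new Elysia()`, and put a comment above the `cors(...)` call saying that an unset value means any origin is accepted. The `app` chain begins before this hunk and continues after it.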