More CORS stuff

2024-10-07 19:14:55 -04:00
parent b2a4b891bf
commit e2de61c5d8
5 changed files with 28 additions and 14 deletions
--- a/4
+++ b/4
@ -113,8 +113,8 @@ ENV NODE_ENV=production
 # command to launch your server instead of the default api-server below.
 # This is important if you intend to configure GraphQL to use Realtime.
 #
-# CMD [ "./api/dist/server.js" ]
-CMD [ "node_modules/.bin/rw-server", "api" ]
+# CMD [ "node_modules/.bin/rw-server", "api" ]
+CMD [ "./api/dist/server.js" ]

 # web serve
 # ---------
--- a/api/src/lib/cors.ts
+++ b/api/src/lib/cors.ts
@ -1,12 +1,15 @@
-import type { FastifyReply } from 'fastify'
+import type { FastifyReply, FastifyRequest } from 'fastify'

 import { isProduction } from '@redwoodjs/api/logger'

-export const setCorsHeaders = (res: FastifyReply) => {
-  res.raw.setHeader(
-    'Access-Control-Allow-Origin',
-    isProduction ? process.env.ADDRESS_PROD : process.env.ADDRESS_DEV
-  )
+export const setCorsHeaders = (req: FastifyRequest, res: FastifyReply) => {
+  const origins = isProduction
+    ? [process.env.API_ADDRESS_PROD, process.env.ADDRESS_PROD]
+    : [process.env.API_ADDRESS_DEV, process.env.ADDRESS_DEV]
+
+  if (origins.indexOf(req.headers.origin) !== -1)
+    res.raw.setHeader('Access-Control-Allow-Origin', req.headers.origin)
+
  res.raw.setHeader(
    'Access-Control-Allow-Methods',
    'GET, POST, OPTIONS, PATCH, HEAD'
--- a/api/src/lib/tus.ts
+++ b/api/src/lib/tus.ts
@ -26,7 +26,7 @@ export const handleTusUpload = (
  isPublicEndpoint: boolean
 ) => {
  if (isProduction) {
-    if (req.method === 'OPTIONS') handleOptionsRequest(res)
+    if (req.method === 'OPTIONS') handleOptionsRequest(req, res)
    else if (isPublicEndpoint && req.method === 'GET')
      tusHandler.handle(req.raw, res.raw)
    else if (['GET', 'POST', 'HEAD', 'PATCH'].includes(req.method)) {
@ -40,7 +40,7 @@ export const handleTusUpload = (
      res.raw.end('Method not allowed')
    }
  } else {
-    setCorsHeaders(res)
+    setCorsHeaders(req, res)
    tusHandler.handle(req.raw, res.raw)
  }
 }
@ -91,8 +91,8 @@ const addUserMetadataToRequest = (req: FastifyRequest, user: User) => {
  ;(req.raw as any).userEmail = user.email
 }

-const handleOptionsRequest = (res: FastifyReply) => {
-  setCorsHeaders(res)
+const handleOptionsRequest = (req: FastifyRequest, res: FastifyReply) => {
+  setCorsHeaders(req, res)
  res.raw.statusCode = 204
  res.raw.end()
 }
--- a/web/src/App.tsx
+++ b/web/src/App.tsx
@ -12,7 +12,14 @@ const App = () => (
  <FatalErrorBoundary page={FatalErrorPage}>
    <RedwoodProvider titleTemplate="%PageTitle | %AppTitle">
      <AuthProvider>
-        <RedwoodApolloProvider useAuth={useAuth}>
+        <RedwoodApolloProvider
+          useAuth={useAuth}
+          graphQLClientConfig={{
+            httpLinkConfig: {
+              credentials: 'include',
+            },
+          }}
+        >
          <Routes />
        </RedwoodApolloProvider>
      </AuthProvider>
--- a/web/src/auth.ts
+++ b/web/src/auth.ts
@ -1,5 +1,9 @@
 import { createDbAuthClient, createAuth } from '@redwoodjs/auth-dbauth-web'

-const dbAuthClient = createDbAuthClient()
+const dbAuthClient = createDbAuthClient({
+  fetchConfig: {
+    credentials: 'include',
+  },
+})

 export const { AuthProvider, useAuth } = createAuth(dbAuthClient)