44 "context"
55 "log"
66 "net/http"
7- "os"
87
98 "github.com/CodeChefVIT/devsoc-backend-26/pkg/elastic"
109 "github.com/CodeChefVIT/devsoc-backend-26/pkg/middlewares"
@@ -48,17 +47,20 @@ func main() {
4847
4948 e := echo .New ()
5049
51- // Enable CORS only in development mode
52- if os .Getenv ("ENV" ) == "development" {
50+ // Enable CORS when FRONTEND_URL is configured. Allow credentials and
51+ // respond to preflight requests. Must echo exact origin (not '*') so
52+ // browsers will accept credentials for cross-site cookies.
53+ allowedOrigin := utils .Config .FrontendURL
54+ if allowedOrigin != "" {
5355 e .Use (func (next echo.HandlerFunc ) echo.HandlerFunc {
5456 return func (c echo.Context ) error {
5557 origin := c .Request ().Header .Get ("Origin" )
56- allowedOrigin := os .Getenv ("FRONTEND_URL" )
5758 if origin == allowedOrigin {
58- c .Response ().Header ().Set ("Access-Control-Allow-Origin" , allowedOrigin )
59- c .Response ().Header ().Set ("Access-Control-Allow-Methods" , "GET,POST,PUT,PATCH,DELETE,OPTIONS" )
60- c .Response ().Header ().Set ("Access-Control-Allow-Headers" , "Content-Type, Authorization" )
61- c .Response ().Header ().Set ("Access-Control-Allow-Credentials" , "true" )
59+ hdr := c .Response ().Header ()
60+ hdr .Set ("Access-Control-Allow-Origin" , allowedOrigin )
61+ hdr .Set ("Access-Control-Allow-Methods" , "GET,POST,PUT,PATCH,DELETE,OPTIONS" )
62+ hdr .Set ("Access-Control-Allow-Headers" , "Content-Type, Authorization, X-Requested-With" )
63+ hdr .Set ("Access-Control-Allow-Credentials" , "true" )
6264 if c .Request ().Method == "OPTIONS" {
6365 return c .NoContent (http .StatusNoContent )
6466 }
@@ -77,7 +79,7 @@ func main() {
7779 e .Use (middlewares .RequestLogger )
7880 router .RegisterRoute (e )
7981
80- port := os . Getenv ( "PORT" )
82+ port := utils . Config . Port
8183 if port == "" {
8284 port = "8080"
8385 }
0 commit comments