prenotazionibackend2/src/config/cors.ts

29 lines
691 B
TypeScript
Raw Normal View History

import cors from "cors";
const allowedOrigins = [
"http://localhost:5173",
"http://127.0.0.1:5173",
"https://prenotazionifrontend.andreavillari.it",
process.env.FRONTEND_URL,
].filter(Boolean) as string[];
export const corsMiddleware = cors({
origin(origin, callback) {
if (!origin || allowedOrigins.includes(origin)) {
callback(null, true);
return;
}
console.warn(`CORS: origin non consentita: ${origin}`);
callback(null, false);
},
credentials: true,
methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
allowedHeaders: [
"Content-Type",
"Authorization",
"Cookie",
"X-Requested-With",
"X-Auth-Return-Redirect",
],
});