import cors from "cors"; const allowedOrigins = [ "http://localhost:5173", "http://127.0.0.1:5173", "https://prenotazionifrontend.andreavillari.it", process.env.FRONTEND_URL, ].filter(Boolean) as string[]; export const corsMiddleware = cors({ origin(origin, callback) { if (!origin || allowedOrigins.includes(origin)) { callback(null, true); return; } console.warn(`CORS: origin non consentita: ${origin}`); callback(null, false); }, credentials: true, methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"], allowedHeaders: [ "Content-Type", "Authorization", "Cookie", "X-Requested-With", "X-Auth-Return-Redirect", ], });