From fce084f5907a173a9c05fca9b9ed7d5a1b8e6d26 Mon Sep 17 00:00:00 2001
From: Maxime Cannoodt <maxime.cannoodt@ugent.be>
Date: Thu, 30 Jun 2022 09:28:49 +0200
Subject: [PATCH] fix cors with helmet

---
 server/prisma/dev.db | Bin 815104 -> 815104 bytes
 server/server.ts     |  17 +++++++----------
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/server/prisma/dev.db b/server/prisma/dev.db
index 88220eab946516f816e3f5da3f221f33c1f2672e..2ec2951957b213cba8514274e8541fd15ddf0858 100644
GIT binary patch
delta 2409
zcmZ{l%a0pL9mi)fj5mq%+5;zcrEox-tdn(BcUN`Qg<Zd2<M-PfHeFR+cH3>c{cc+b
z&m@OE@e)G$58$x5z$%PDXeGoU9FRa<R!A$f5-Wkk<HCW*E?UZnWF}Iu^pm>l>+aU)
zTi@TWjz5COAHi>Z;p+Q)dwWk*T~hVv+qca9_kVEj``g2J)$QX4SB~Gga=fqVf~o^m
zpF6#BeE5%FUA%t%vHHW_j~-qr1zx#u{qaLk3fzDARw)oT{b4C^aQ#q;Kfe9&CvOL`
z2X`+2_TfwS0+}1ZcY|LKj)Uc(9{l{}zpK^Ky}&n4|9UU*r%T&c58mA8E&^WHK?9(E
z4p|xliiwoI`NlI<428c_`-7#iLgU`XADMTbsn%@j?o>2h8V-XS-I($_XX>b@?^JiS
zG)9~G2oir8`k%T59_{tjhYfS0KJ2Y##$@Kv*PlIXdOiU_$2+x8XG__$?b~N6_BQ}%
z^uN#AqGuA0Zaq`+d@=+8lASu9G1+&heC?@<S5tQm-uYk<Q1z0ki>fZ2elWOv_v34a
z!P4IK8`o}L1y|k*mfm~$=9h!pli?c|-#k3LfA!?*|21s?<h=(M|G0m@u>b2PbuBp)
zsm7oMX{aGdn^!GRPevl66v8}dxE?q9eP_yh(F9Jnw6a$oVi{ZInk~O5{FLc0teHQ<
zete}J=_S7Hbl0*x;>b$#)tDE&9?n$bW43~g-e7XXJZs$#_lv7cDJ$2xb$c<ih$avP
z*wl0z142zGsSY(rZGf@G7&o|17}lXqfv};}C>PSOm=Ym2nK&8VJqN6I>O~<?#K)g}
zcmIC=v!8$EjF_Nt(R1vSVM!p<;Y7$0WIfFf%*136n>LG^l5Sc{QcorqQD1hCx=A_9
zMnfGric>v2o6<(L%~~m8uy8k1sMK6E*y2dKpljYyZ&*szK$kRIM{ZSkGRY{1ZmxwR
zF2fR2VgiVn)EGgQMG%4<3Y}?~VAIy9CWxVHmSGu!TPA}7*-%(g7lKQ8GQ4w+7<lJ%
zy?q*NMf|mYeo+zs`)3Dd#Iy*Tx|g$4GNq3~Yi^f>hSC!@oAJe<Ugdg26bgw>JX)c6
zV$=%b`FJe~<w6*uYIecxd9NSIhgPJ<7QJ$&eMDBXMzgc-#pB5u5hGUI#zjVkCtA(-
zL~58LQNKQ@`<lrW86*HP2~AG9txLkCA)$mwK!Z^YL8e=#rD3RIAPoR1v^8k~$R*|{
z!_f1@FX+`B@b8-29r5>GJtGe3{v0IR(F~b6#wJ}|j5!{a)4tup%dFeV#hguM=1eDU
zu@R}1Tb-oat`(ZeLe=k^@l7V1Z`F-l{HUad7k<TFRubLX8du}x&I&}`O+vkl+T)aK
zw4%VBBqH1C5G+dLqQNvIZ3+x*2&qG8+JLDX>$bYk5yS@8fXX(obQ3CW#G!_{;x?&n
zQ4G}{zy2KYi^k86`0@<}{OND5J_X*kVAw88mR=<`(|T{=Olrg0gy`B)+@G%7#aKFy
zTAggk$ZcXaT9ILQy|A=sD3|JzY8GvPUfblGIJSvkh?DKiGV4uyE#|s3A91SGWI1P&
z@8nY6jB8G_U2LvBnhhtt0kdrzn}P^V1tt`05DE&AO{mmVt}O{IgKJbWB#^0@#9|hu
z!Vre?$JTXl`q|sT!<#n(dmrvyeC6=tgGU#By8p|)55M#B&0naQcKbOqUNmi$8DD+!
zsWRh}Z~pD68On>8=8U7rotAs!_G;x<`jxpoMPgzVSE$Szg-~Z@6gJr$b941685hc<
z7S`=Zw+HOH*(jnJS**9jT(qTKujpQEGACJCjOSvk+BcWuSgGv9BdK*EUT%+IK2!9p
z!m!)02(~O>S&TrSwo|79S{gJFltS1*HG(an0WC}8st>Tb<iJK6Wvbs9(7Bpvx6T2p
znP$G=1lbXH|F9zt|Ne}arh90xjIr=yQFP<V=FBM6<MD!<A#ES|gW+<NYIR3)wJHi(
zE!I=LbTd0{LR6~BM7dmabehjcvm_Gl+H-_ytv}wHwFHl+mNGYxqSoj(GTwaBv8(<(
zWOs*%4{6#HD!d5Vh?!7Gix3m4djg^4n#54kq|T7qdPA5@EvbgLiG>J~5NbA74xJ2N
zJ4Xz>^M~U0>8ZFQ{?au?{I9<R&k;|W0GTx>n@_GA3smiP&}zxrAssknvUKLfMMRr*
z7lpZ1$*>}dq$+W;tl`C+Cks)W^p`!J)+*(7YMn@Xb4fv@x(RKjPQjhVwY2WQdNeK#
zni&IW7|q;t-OS6ntI{pF37MtllMWREA{tcfjtmWB2`M*#O%2Ww(y<VL6HBNC0uh4{
O+SoEqA3X@x{`?=ot@<Yb

delta 302
zcmZp8VA$}$aDp`NHU<WU<3P*_#A_#Nm@{tMn6SK_bq$cat(m8xou`2jh?#(x8Hic7
z^E9yjIM2byzYC~<Vdr$705+NF1_5kM(;WiXIJR#JU}NTI&2g<T%$U9_p3RF{h5O`m
z_5?Q1=?MvJebWmP*aWt}OJIA=$-=<Esy_L2mn5qWki|J&+J#AyRhxl<<@NLj!5osT
zT0rL6>9S!!rY4ZNe!77IP=N-JIdO7gw<N1NkX1an9>`JyvO=d{u;P$pRBb<*%?8Bm
zK+FNeoZC-kb6G#x&a#0clZ`W$!=BZ6iEShAboo>^NjApDbuSbxraQ87$Zp?c#_Gqp
gErFXwfs2`W4FiV^>l5ZRn*|l-F>hbf%pLLu03O&@yZ`_I

diff --git a/server/server.ts b/server/server.ts
index 552569c..a2111cb 100644
--- a/server/server.ts
+++ b/server/server.ts
@@ -11,16 +11,13 @@ const prisma = new PrismaClient();
 
 const app: Express = express();
 app.use(express.json());
-app.use(helmet());
-
-// Allow CORS in dev mode.
-if (process.env.ENVIRONMENT == "dev") {
-  app.use(
-    cors({
-      origin: "*",
-    })
-  );
-}
+app.use(
+  helmet({
+    crossOriginResourcePolicy: {
+      policy: process.env.ENVIRONMENT == "dev" ? "cross-origin" : "same-origin",
+    },
+  })
+);
 
 // Apply rate limiting
 const postLimiter = rateLimit({