fix cors with helmet

2022-06-30 09:28:49 +02:00 · 2022-06-30 09:28:49 +02:00 · fce084f590
commit fce084f590
parent 2e98fa7f2d
2 changed files with 7 additions and 10 deletions
--- a/server/prisma/dev.db
+++ b/server/prisma/dev.db
--- a/server/server.ts
+++ b/server/server.ts
@ -11,16 +11,13 @@ const prisma = new PrismaClient();

 const app: Express = express();
 app.use(express.json());
-app.use(helmet());
-
-// Allow CORS in dev mode.
-if (process.env.ENVIRONMENT == "dev") {
-  app.use(
-    cors({
-      origin: "*",
-    })
-  );
-}
+app.use(
+  helmet({
+    crossOriginResourcePolicy: {
+      policy: process.env.ENVIRONMENT == "dev" ? "cross-origin" : "same-origin",
+    },
+  })
+);

 // Apply rate limiting
 const postLimiter = rateLimit({