improvement: CORS origin hardcoded to localhost #10

Open
opened 2026-06-17 15:07:03 +00:00 by abumahid · 0 comments
Owner

Description

The CORS configuration hardcodes the origin to localhost:5173, making it inflexible for different environments (staging, production). This requires code changes for each deployment and may cause issues when the frontend is deployed to different domains.

Location

  • File: src/app.ts
  • Component: cors() middleware
  • Lines: 17-21

How to Fix

Use an environment variable to configure allowed origins:

```typescript
import express from 'express';
import cors from 'cors';

const app = express();

// Comma-separated list from the environment; trim whitespace and drop empty entries
// so a value like "http://localhost:5173, https://example.com" still matches exactly.
const allowedOrigins = (process.env.CORS_ORIGINS || "http://localhost:5173")
    .split(',')
    .map((origin) => origin.trim())
    .filter((origin) => origin.length > 0);

app.use(cors({
    origin: allowedOrigins,
    methods: ["GET", "POST", "PATCH", "DELETE", "PUT"],
    credentials: true
}));
```

Update .env:

```
CORS_ORIGINS=http://localhost:5173,https://yourdomain.com
```

Acceptance Criteria

  • CORS origins are configurable via an environment variable
  • Multiple origins can be specified (comma-separated)
  • Default value works for development
  • Production deployment uses appropriate origins
  • Build passes
  • CORS requests work from allowed origins
  • Requests from disallowed origins are rejected
abumahid added the improvementMedium labels 2026-06-17 15:07:03 +00:00
abumahid added this to the quicklanch-server project 2026-06-17 15:07:03 +00:00