Related

Product App Platform: Run Node apps without managing servers Product
Is possible to connect a DO K8s cluster with a DO Droplet private network? Question Question
Deployment fails for Rails App with App Platform - No such file or directory - /workspace/node_modules/.bin/webpack (Errno::ENOENT) Question Question

Question

App Platform: How to manage cors?

Posted November 7, 2020 464 views
Node.jsNetworkingDigitalOcean App Platform

Hi, I have setup my nextjs app on digital oceans app platform.Everything is working fine but i’m getting cors erros even though I have whitelisted them with ENV variables. For example, in my server file 

  // CORS
  const corsOptions = {
    origin(origin, callback) {
      if (!origin || process.env.WHITELIST.split(',').indexOf(origin) !== -1) {
        callback(null, true)
      }else {
        callback(new Error('Not allowed by CORS'))
      }
    }
  }
console.log(`CORS ALLOWED: ${process.env.WHITELIST}`)
  server.use(cors(corsOptions));

And in my env files(also set from digital ocean platform)
WHITELIST=http://localhost:3030,https://someUniqidentifier.ondigitalocean.app

Is there something i’m missing? The console.log is showing the correct whitelisted urls.

Add a comment
zipvoila
By:
zipvoila

Related

Product App Platform: Run Node apps without managing servers Product
Is possible to connect a DO K8s cluster with a DO Droplet private network? Question Question
Deployment fails for Rails App with App Platform - No such file or directory - /workspace/node_modules/.bin/webpack (Errno::ENOENT) Question Question
Add a comment
1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
kamaln7 November 9, 2020

Hi! Looking at the CORS middleware documentation, it looks like the origin function is meant to return a list of allowed origins. Since you have that ready through the environment variable, you should be able to pass them directly like so:

  // CORS
  const corsOptions = {
    origin: process.env.WHITELIST ? process.env.WHITELIST.split(',') : [],
  }

  console.log(`CORS ALLOWED: ${process.env.WHITELIST}`)
  server.use(cors(corsOptions));

If the environment variable is not set, this will disallow all origins. You can replace the [] default value at the end of the line with '*' to allow all origins instead.

Does that work?

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help