Add configurable ACCESS_CONTROL_ALLOW_ORIGIN header for CDN

PROD-4372
topcoder-platform · Sep 28, 2023 · bcb3e31 · bcb3e31
1 parent 03490dc
commit bcb3e31
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 1 deletion.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -350,6 +350,7 @@ workflows:
             branches:
               only:
                 - PROD-4183
+                - PROD-4372
                 - changelog
       # This is alternate dev env for parallel testing
       - "build-test":

diff --git a/config/default.js b/config/default.js
@@ -25,6 +25,7 @@ module.exports = {
   /* CDN configuration. */
   CDN: {
     PUBLIC: 'https://d1aahxkjiobka8.cloudfront.net',
+    ACCESS_CONTROL_ALLOW_ORIGIN: '*.topcoder-dev.com',
   },
 
   /* Time in MS to wait before refreshing challenge details after register

diff --git a/config/production.js b/config/production.js
@@ -10,6 +10,7 @@ module.exports = {
   },
   CDN: {
     PUBLIC: 'https://community-app-cdn.topcoder.com',
+    ACCESS_CONTROL_ALLOW_ORIGIN: '*.topcoder.com',
   },
   COOKIES: {
     MAXAGE: 7,

diff --git a/src/server/routes/cdn.js b/src/server/routes/cdn.js
@@ -30,7 +30,7 @@ const url = path.resolve(__dirname, '../../../build');
 /* Sets Access-Control-Allow-Origin header to avoid CORS error.
  * TODO: Replace the wildcard value by an appropriate origin filtering. */
 router.use('/public/static-assets', (req, res, next) => {
-  res.set('Access-Control-Allow-Origin', '*');
+  res.set('Access-Control-Allow-Origin', `${config.CDN.ACCESS_CONTROL_ALLOW_ORIGIN}`);
   next();
 }, express.static(url),