From bcb3e31788c34c32bd9f8834cc93080318e51d30 Mon Sep 17 00:00:00 2001 From: Justin Gasper Date: Thu, 28 Sep 2023 15:19:34 +1000 Subject: [PATCH] Add configurable ACCESS_CONTROL_ALLOW_ORIGIN header for CDN PROD-4372 --- .circleci/config.yml | 1 + config/default.js | 1 + config/production.js | 1 + src/server/routes/cdn.js | 2 +- 4 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5ca4199330..4dd81b9207 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -350,6 +350,7 @@ workflows: branches: only: - PROD-4183 + - PROD-4372 - changelog # This is alternate dev env for parallel testing - "build-test": diff --git a/config/default.js b/config/default.js index d50de2aec7..a5a369b466 100644 --- a/config/default.js +++ b/config/default.js @@ -25,6 +25,7 @@ module.exports = { /* CDN configuration. */ CDN: { PUBLIC: 'https://d1aahxkjiobka8.cloudfront.net', + ACCESS_CONTROL_ALLOW_ORIGIN: '*.topcoder-dev.com', }, /* Time in MS to wait before refreshing challenge details after register diff --git a/config/production.js b/config/production.js index c372930853..844a62fb54 100644 --- a/config/production.js +++ b/config/production.js @@ -10,6 +10,7 @@ module.exports = { }, CDN: { PUBLIC: 'https://community-app-cdn.topcoder.com', + ACCESS_CONTROL_ALLOW_ORIGIN: '*.topcoder.com', }, COOKIES: { MAXAGE: 7, diff --git a/src/server/routes/cdn.js b/src/server/routes/cdn.js index 61460e024b..d14133afae 100644 --- a/src/server/routes/cdn.js +++ b/src/server/routes/cdn.js @@ -30,7 +30,7 @@ const url = path.resolve(__dirname, '../../../build'); /* Sets Access-Control-Allow-Origin header to avoid CORS error. * TODO: Replace the wildcard value by an appropriate origin filtering. */ router.use('/public/static-assets', (req, res, next) => { - res.set('Access-Control-Allow-Origin', '*'); + res.set('Access-Control-Allow-Origin', `${config.CDN.ACCESS_CONTROL_ALLOW_ORIGIN}`); next(); }, express.static(url),