From a7e659309b9af8aad82434e725c9fe99e512adc2 Mon Sep 17 00:00:00 2001
From: Rajib Salui
Date: Wed, 10 Sep 2025 15:56:21 +0530
Subject: [PATCH] Refactor CORS configuration and enable credentials for API requests
---
 backend-expressjs/index.js | 56 +++++++++++++++-------------
 frontend/src/services/authService.ts | 5 +++
 2 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/backend-expressjs/index.js b/backend-expressjs/index.js
index fbeba10..5b01f57 100644
--- a/backend-expressjs/index.js
+++ b/backend-expressjs/index.js
@@ -13,32 +13,38 @@ const MONGO_URI = process.env.MONGO_URI || 'mongodb://localhost:27017/agroconnec
 app.use(bodyParser.json());
-// // cors middleware
-// app.use(cors({
-// origin: ['http://localhost:8080','http://localhost:8081','https://agro-connect-y6nl-git-main-upayanchatterjee7-gmailcoms-projects.vercel.app','https://agro-connect-y6nl-upayanchatterjee7-gmailcoms-projects.vercel.app','https://agro-connect-y6nl.vercel.app','https://agro-connect-p7j2.vercel.app'],
-// //origin:true,
-// methods: ['GET', 'POST', 'PUT', 'DELETE'],
-// allowedHeaders: ['Content-Type', 'Authorization'],
-// credentials: true,
-// }));
-
-
-// CORS middleware at the very top
-app.use((req, res, next) => {
- res.header("Access-Control-Allow-Origin", "https://agro-connect-y6nl-git-main-upayanchatterjee7-gmailcoms-projects.vercel.app");
- res.header("Access-Control-Allow-Credentials", "true");
- res.header("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
- res.header("Access-Control-Allow-Headers", "Content-Type, Authorization");
-
- if (req.method === "OPTIONS") {
- return res.sendStatus(200);
- }
- next();
-});
-
+// CORS configuration
+const allowedOrigins = [
+ 'http://localhost:5173',
+ 'http://localhost:3000',
+ 'http://localhost:8080',
+ 'http://localhost:8081',
+ // Vercel preview and production URLs for the frontend
+ 'https://agro-connect-y6nl-git-main-upayanchatterjee7-gmailcoms-projects.vercel.app',
+ 'https://agro-connect-y6nl-upayanchatterjee7-gmailcoms-projects.vercel.app',
+ 'https://agro-connect-y6nl.vercel.app',
+];
+
+const corsOptions = {
+ origin: function (origin, callback) {
+ if (!origin) return callback(null, true);
+ if (
+ allowedOrigins.includes(origin) ||
+ /\.vercel\.app$/.test(origin) // allow any vercel.app domain
+ ) {
+ return callback(null, true);
+ }
+ return callback(new Error('Not allowed by CORS'));
+ },
+ methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+ allowedHeaders: ['Content-Type', 'Authorization'],
+ credentials: true,
+};
+
+
+// Enable CORS for all routes
+app.use(cors(corsOptions));
-// Handle preflight requests
-app.options('*', cors()); // for testing
 app.get('/', (req, res) => {
diff --git a/frontend/src/services/authService.ts b/frontend/src/services/authService.ts
index 53a465a..de3c578 100644
--- a/frontend/src/services/authService.ts
+++ b/frontend/src/services/authService.ts
@@ -69,6 +69,7 @@ class AuthService {
 'Content-Type': 'application/json',
 },
 body: JSON.stringify(userData),
+ credentials: 'include',
 });
 if (!response.ok) {
@@ -86,6 +87,7 @@ class AuthService {
 'Content-Type': 'application/json',
 },
 body: JSON.stringify(loginData),
+ credentials: 'include',
 });
 if (!response.ok) {
@@ -103,6 +105,7 @@ class AuthService {
 'Content-Type': 'application/json',
 },
 body: JSON.stringify({ email }),
+ credentials: 'include',
 });
 if (!response.ok) {
@@ -117,6 +120,7 @@ class AuthService {
 const response = await fetch(`${API_BASE_URL}/auth/profile`, {
 method: 'GET',
 headers: this.getAuthHeaders(),
+ credentials: 'include',
 });
 if (!response.ok) {
@@ -136,6 +140,7 @@ class AuthService {
 method: 'PUT',
 headers: this.getAuthHeaders(),
 body: JSON.stringify(profileData),
+ credentials: 'include',
 });
 if (!response.ok) {
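Review bot: The `/\.vercel\.app$/.test(origin)` branch in the new `origin` callback, combined with `credentials: true`, lets any site hosted on vercel.app — a domain anyone can deploy a project to — make credentialed cross-origin requests and read the responses, which turns the allowlist into an origin-reflection bypass; the pattern is also unanchored at the start, so a plain `http://` origin on that suffix passes as well. Remove that branch so the explicit list is the whole check, `if (allowedOrigins.includes(origin)) return callback(null, true);`, and if preview deployments must be reachable, add their exact URLs to `allowedOrigins` (or load them from an environment variable) rather than matching a hostname suffix, because the project and branch segments of those hostnames are chosen by whoever creates the project. Refusing with `callback(new Error('Not allowed by CORS'))` makes Express answer the preflight with a 500 through its default error handler; `callback(null, false)` is the conventional way to decline, since it just omits the CORS headers. The `if (!origin) return callback(null, true);` short-circuit is reasonable for same-origin and non-browser callers, but it is worth a one-line comment saying that those requests are deliberately not filtered here.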
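Review bot: `credentials: 'include'` is added by hand to each of the five `fetch` calls in AuthService, so the next call written in this class will silently go without it; a small private helper that applies the option once, e.g. `private request(url: string, init: RequestInit = {}) { return fetch(url, { credentials: 'include', ...init }); }`, would keep it in one place and let the individual methods stay as they are. Whether the backend actually issues a cookie is not visible in this diff — if authentication is carried solely by the `Authorization` header that `getAuthHeaders()` presumably builds, the option is harmless but unnecessary, and a short comment on the helper stating why cookies are sent would save the next reader the same question. Each of these hunks sits inside a method whose start and end fall outside the hunk.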