github/privacy-pools-core
1
1
Fork 0
mirror of https://github.com/0xbow-io/privacy-pools-core.git synced 2026-01-09 01:17:58 -05:00
Code Issues 16 Packages Projects Releases Wiki Activity

fix: resolve CORS issue in relayer by updating config schema defaults

Browse Source 
- Set cors_allow_all default to true for development
  - Add default allowed_domains including localhost and production URLs
  - Fixes CORS blocking on /relayer/details endpoint from localhost:3000
  - Allow all origins in production only when running on testnet-relayer.privacypools.com
  - Use restricted domain list for other production environments
This commit is contained in:
Patrick Aljord
2025-07-16 14:09:18 +02:00
parent 57a165cb36
commit c45259e9fe
2 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
packages/relayer/src/app.ts
View File

@@ -7,7 +7,7 @@ import {
notFoundMiddleware,
} from "./middlewares/index.js";
import { relayerRouter } from "./routes/index.js";
import { CONFIG } from "./config/index.js";
import { CONFIG, CORS_ALLOW_ALL, ALLOWED_DOMAINS } from "./config/index.js";
// Initialize the express app
const app = express();
@@ -15,16 +15,25 @@ const app = express();
// Middleware functions
const parseJsonMiddleware = bodyParser.json();
// CORS config
// CORS config - allow all origins by default for development and testnet
const isTestnetRelayer = process.env.NODE_ENV === 'production' &&
(process.env.RELAYER_HOST === 'testnet-relayer.privacypools.com' ||
process.env.HOST === 'testnet-relayer.privacypools.com');
const shouldAllowAll = CORS_ALLOW_ALL || isTestnetRelayer;
const corsOptions = {
origin: CONFIG.cors_allow_all ? '*' : function (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) {
if (!origin || CONFIG.allowed_domains.indexOf(origin) !== -1) {
origin: shouldAllowAll ? '*' : function (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) {
// Allow requests without origin (like mobile apps) or from allowed domains
if (!origin || ALLOWED_DOMAINS.indexOf(origin) !== -1) {
callback(null, true);
} else {
console.log(`Request blocked by CORS middleware: ${origin}. Allowed domains: ${CONFIG.allowed_domains}`);
console.log(`Request blocked by CORS middleware: ${origin}. Allowed domains: ${ALLOWED_DOMAINS}`);
callback(new Error("Not allowed by CORS"));
}
},
credentials: true,
optionsSuccessStatus: 200
};

4
packages/relayer/src/config/schemas.ts
View File

@@ -64,8 +64,8 @@ export const zChainConfig = z.object({
// Common configuration schema
export const zCommonConfig = z.object({
sqlite_db_path: z.string().transform((p) => path.resolve(p)),
cors_allow_all: z.boolean().default(false),
allowed_domains: z.array(z.string().url()),
cors_allow_all: z.boolean().default(true),
allowed_domains: z.array(z.string().url()).default(["https://testnet.privacypools.com, https://prod-privacy-pool-ui.vercel.app, https://staging-privacy-pool-ui.vercel.app, https://dev-privacy-pool-ui.vercel.app, http://localhost:3000"]),
});
// Default configuration schema