diff --git a/api/src/config/index.ts b/api/src/config/index.ts
index 223783fd..68898396 100644
--- a/api/src/config/index.ts
+++ b/api/src/config/index.ts
@@ -16,9 +16,9 @@ export const config: Config = {
 },
 appPath: process.cwd(),
 apiBaseUrl: process.env.API_ORIGIN || 'http://localhost:4000',
- uiBaseUrl: process.env.FRONTEND_ORIGIN
- ? process.env.FRONTEND_ORIGIN.split(',')[0]
- : 'http://localhost:8080',
+ uiBaseUrl: process.env.FRONTEND_BASE_URL
+ ? process.env.FRONTEND_BASE_URL
+ : 'http://localhost:8080', // default to local dev
 security: {
 httpsEnabled: process.env.HTTPS_ENABLED === 'true',
 trustProxy: process.env.HTTPS_ENABLED === 'true', // Nginx in use ?
@@ -27,7 +27,7 @@ export const config: Config = {
 headers: 'content-type,x-xsrf-token,x-csrf-token',
 methods: ['GET', 'PATCH', 'POST', 'DELETE', 'OPTIONS', 'HEAD'],
 allowOrigins: process.env.FRONTEND_ORIGIN
- ? process.env.FRONTEND_ORIGIN.split(',')
+ ? process.env.FRONTEND_ORIGIN.split(',').map((origin) => origin.trim())
 : ['*'],
 allowCredentials: true,
 },
@@ -72,7 +72,7 @@ export const config: Config = {
 // to get access to a 3rd party cookie and to enable sessions).
 grant3rdPartyCookie: true,
 onlyAllowOrigins: process.env.FRONTEND_ORIGIN
- ? process.env.FRONTEND_ORIGIN.split(',')
+ ? process.env.FRONTEND_ORIGIN.split(',').map((origin) => origin.trim())
 : [undefined], // ['http://example.com', 'https://example.com'],
 },
 session: {
diff --git a/api/src/extensions/channels/console/settings.ts b/api/src/extensions/channels/console/settings.ts
index 4f877c84..62875828 100644
--- a/api/src/extensions/channels/console/settings.ts
+++ b/api/src/extensions/channels/console/settings.ts
@@ -20,7 +20,7 @@ export default [
 {
 group: CONSOLE_CHANNEL_NAMESPACE,
 label: Web.SettingLabel.allowed_domains,
- value: config.uiBaseUrl,
+ value: config.security.cors.allowOrigins.join(','),
 type: SettingType.text,
 },
 {
diff --git a/docker/.env.example b/docker/.env.example
index 9ca144c4..84aaface 100644
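Review bot: `uiBaseUrl` in the `@@ -16,9` hunk no longer reads `FRONTEND_ORIGIN`, so a deployment that sets only that variable now silently falls back to `http://localhost:8080`, and nothing in the visible code signals the rename. A comment above the property such as `// FRONTEND_BASE_URL replaces the first entry of FRONTEND_ORIGIN; set it explicitly in every non-dev environment` would make the migration visible; a startup warning when the variable is unset outside development would be stronger. The ternary can also be written `uiBaseUrl: process.env.FRONTEND_BASE_URL || 'http://localhost:8080',` to match `apiBaseUrl` on the line above. The config object starts and ends outside the hunk, so how `uiBaseUrl` is consumed is not visible here.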
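Review bot: The added `.map((origin) => origin.trim())` on `allowOrigins` in the `@@ -27,7` hunk keeps empty entries, so a trailing or doubled comma in `FRONTEND_ORIGIN` leaves `''` in the CORS allow-list; the identical expression on `onlyAllowOrigins` in the `@@ -72,7` hunk has the same gap. Appending a filter in both places closes it: `process.env.FRONTEND_ORIGIN.split(',').map((origin) => origin.trim()).filter(Boolean)`, ideally through one shared helper so the two lists cannot drift. Separately, the unchanged fallback `['*']` sits directly above `allowCredentials: true`; how the CORS middleware treats that pair is not visible here, so a comment marking the wildcard as a development-only default would help whoever deploys without the variable set. The config object continues outside both hunks.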
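Review bot: The default for `allowed_domains` now inherits the CORS fallback, so when `FRONTEND_ORIGIN` is unset this setting is seeded with `*` where it used to be the single `config.uiBaseUrl`. How the console channel enforces `allowed_domains` is not visible in this hunk, but if it gates which sites may embed or call the widget, a wildcard default is a wider grant than the previous one. Keeping the narrow value when no explicit list is configured avoids that: `value: config.security.cors.allowOrigins.includes('*') ? config.uiBaseUrl : config.security.cors.allowOrigins.join(','),`. The settings array continues outside the hunk.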
--- a/docker/.env.example
+++ b/docker/.env.example
@@ -3,9 +3,11 @@ NODE_ENV=dev
 APP_DOMAIN=localhost
 SSL_EMAIL=hello@hexabot.ai
 API_PORT=4000
+APP_FRONTEND_PORT=8080
 APP_SCRIPT_COMPODOC_PORT=9003
 API_ORIGIN=http://${APP_DOMAIN}:${API_PORT}
-FRONTEND_ORIGIN=http://${APP_DOMAIN},http://${APP_DOMAIN}:8080,http://${APP_DOMAIN}:8081,http://${APP_DOMAIN}:5173,http://${APP_DOMAIN},http://${APP_DOMAIN}/*,*
+FRONTEND_BASE_URL=http://${APP_DOMAIN}:${APP_FRONTEND_PORT}
+FRONTEND_ORIGIN=http://${FRONTEND_BASE_URL},http://${APP_DOMAIN}:8081,http://${APP_DOMAIN}:5173,http://${APP_DOMAIN},https://${APP_DOMAIN}
 JWT_SECRET=dev_only
 JWT_EXPIRES_IN=60
 SALT_LENGTH=12
@@ -56,7 +58,6 @@ BERT_MODEL_BY_LANGUAGE_JSON='{ HF_AUTH_TOKEN= # Frontend (Next.js) -APP_FRONTEND_PORT=8080 NEXT_PUBLIC_API_ORIGIN=http://${APP_DOMAIN}:${API_PORT}/ NEXT_PUBLIC_SSO_ENABLED=false
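Review bot: The first entry of the new `FRONTEND_ORIGIN` in the `@@ -3,9` hunk expands to `http://http://localhost:8080`, because `FRONTEND_BASE_URL` on the line above already carries the scheme. With these defaults the UI's own origin on port 8080 is therefore missing from the list, so the allow-lists built from `FRONTEND_ORIGIN` in `api/src/config/index.ts` would not match it. Dropping the extra prefix fixes it: `FRONTEND_ORIGIN=${FRONTEND_BASE_URL},http://${APP_DOMAIN}:8081,http://${APP_DOMAIN}:5173,http://${APP_DOMAIN},https://${APP_DOMAIN}`. A comment above the pair, for example `# FRONTEND_BASE_URL: single UI URL; FRONTEND_ORIGIN: comma-separated allowed origins (no paths, no wildcards)`, would also record why the `*` and `/*` entries were removed.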