From d59d2454669af9fc4b31ad04a5b16f04dc217254 Mon Sep 17 00:00:00 2001
From: Mohamed Chedli <chedli@symbionix.co>
Date: Mon, 16 Dec 2024 13:09:58 +0100
Subject: [PATCH] fix: update frontend environment variables and fix CORS
 origin handling issue

---
 api/src/config/index.ts                         | 10 +++++-----
 api/src/extensions/channels/console/settings.ts |  2 +-
 docker/.env.example                             |  5 +++--
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/api/src/config/index.ts b/api/src/config/index.ts
index 223783fd..68898396 100644
--- a/api/src/config/index.ts
+++ b/api/src/config/index.ts
@@ -16,9 +16,9 @@ export const config: Config = {
   },
   appPath: process.cwd(),
   apiBaseUrl: process.env.API_ORIGIN || 'http://localhost:4000',
-  uiBaseUrl: process.env.FRONTEND_ORIGIN
-    ? process.env.FRONTEND_ORIGIN.split(',')[0]
-    : 'http://localhost:8080',
+  uiBaseUrl: process.env.FRONTEND_BASE_URL
+    ? process.env.FRONTEND_BASE_URL
+    : 'http://localhost:8080', // default to local dev
   security: {
     httpsEnabled: process.env.HTTPS_ENABLED === 'true',
     trustProxy: process.env.HTTPS_ENABLED === 'true', // Nginx in use ?
@@ -27,7 +27,7 @@ export const config: Config = {
       headers: 'content-type,x-xsrf-token,x-csrf-token',
       methods: ['GET', 'PATCH', 'POST', 'DELETE', 'OPTIONS', 'HEAD'],
       allowOrigins: process.env.FRONTEND_ORIGIN
-        ? process.env.FRONTEND_ORIGIN.split(',')
+        ? process.env.FRONTEND_ORIGIN.split(',').map((origin) => origin.trim())
         : ['*'],
       allowCredentials: true,
     },
@@ -72,7 +72,7 @@ export const config: Config = {
     // to get access to a 3rd party cookie and to enable sessions).
     grant3rdPartyCookie: true,
     onlyAllowOrigins: process.env.FRONTEND_ORIGIN
-      ? process.env.FRONTEND_ORIGIN.split(',')
+      ? process.env.FRONTEND_ORIGIN.split(',').map((origin) => origin.trim())
       : [undefined], // ['http://example.com', 'https://example.com'],
   },
   session: {
diff --git a/api/src/extensions/channels/console/settings.ts b/api/src/extensions/channels/console/settings.ts
index 4f877c84..62875828 100644
--- a/api/src/extensions/channels/console/settings.ts
+++ b/api/src/extensions/channels/console/settings.ts
@@ -20,7 +20,7 @@ export default [
   {
     group: CONSOLE_CHANNEL_NAMESPACE,
     label: Web.SettingLabel.allowed_domains,
-    value: config.uiBaseUrl,
+    value: config.security.cors.allowOrigins.join(','),
     type: SettingType.text,
   },
   {
diff --git a/docker/.env.example b/docker/.env.example
index 9ca144c4..84aaface 100644
--- a/docker/.env.example
+++ b/docker/.env.example
@@ -3,9 +3,11 @@ NODE_ENV=dev
 APP_DOMAIN=localhost
 SSL_EMAIL=hello@hexabot.ai
 API_PORT=4000
+APP_FRONTEND_PORT=8080
 APP_SCRIPT_COMPODOC_PORT=9003
 API_ORIGIN=http://${APP_DOMAIN}:${API_PORT}
-FRONTEND_ORIGIN=http://${APP_DOMAIN},http://${APP_DOMAIN}:8080,http://${APP_DOMAIN}:8081,http://${APP_DOMAIN}:5173,http://${APP_DOMAIN},http://${APP_DOMAIN}/*,*
+FRONTEND_BASE_URL=http://${APP_DOMAIN}:${APP_FRONTEND_PORT}
+FRONTEND_ORIGIN=http://${FRONTEND_BASE_URL},http://${APP_DOMAIN}:8081,http://${APP_DOMAIN}:5173,http://${APP_DOMAIN},https://${APP_DOMAIN}
 JWT_SECRET=dev_only
 JWT_EXPIRES_IN=60
 SALT_LENGTH=12
@@ -56,7 +58,6 @@ BERT_MODEL_BY_LANGUAGE_JSON='{
 HF_AUTH_TOKEN=
 
 # Frontend (Next.js)
-APP_FRONTEND_PORT=8080
 NEXT_PUBLIC_API_ORIGIN=http://${APP_DOMAIN}:${API_PORT}/
 NEXT_PUBLIC_SSO_ENABLED=false