fix: update frontend environment variables and fix CORS origin handling issue

2025-01-22 10:35:37 +00:00 · 2024-12-16 13:09:58 +01:00 · 2024-12-16 13:09:58 +01:00 · d59d245466
commit d59d245466
parent b8d8bfeaa6
3 changed files with 9 additions and 8 deletions
--- a/api/src/config/index.ts
+++ b/api/src/config/index.ts
@ -16,9 +16,9 @@ export const config: Config = {
  },
  appPath: process.cwd(),
  apiBaseUrl: process.env.API_ORIGIN || 'http://localhost:4000',
-  uiBaseUrl: process.env.FRONTEND_ORIGIN
-    ? process.env.FRONTEND_ORIGIN.split(',')[0]
-    : 'http://localhost:8080',
+  uiBaseUrl: process.env.FRONTEND_BASE_URL
+    ? process.env.FRONTEND_BASE_URL
+    : 'http://localhost:8080', // default to local dev
  security: {
    httpsEnabled: process.env.HTTPS_ENABLED === 'true',
    trustProxy: process.env.HTTPS_ENABLED === 'true', // Nginx in use ?
@ -27,7 +27,7 @@ export const config: Config = {
      headers: 'content-type,x-xsrf-token,x-csrf-token',
      methods: ['GET', 'PATCH', 'POST', 'DELETE', 'OPTIONS', 'HEAD'],
      allowOrigins: process.env.FRONTEND_ORIGIN
-        ? process.env.FRONTEND_ORIGIN.split(',')
+        ? process.env.FRONTEND_ORIGIN.split(',').map((origin) => origin.trim())
        : ['*'],
      allowCredentials: true,
    },
@ -72,7 +72,7 @@ export const config: Config = {
    // to get access to a 3rd party cookie and to enable sessions).
    grant3rdPartyCookie: true,
    onlyAllowOrigins: process.env.FRONTEND_ORIGIN
-      ? process.env.FRONTEND_ORIGIN.split(',')
+      ? process.env.FRONTEND_ORIGIN.split(',').map((origin) => origin.trim())
      : [undefined], // ['http://example.com', 'https://example.com'],
  },
  session: {
--- a/api/src/extensions/channels/console/settings.ts
+++ b/api/src/extensions/channels/console/settings.ts
@ -20,7 +20,7 @@ export default [
  {
    group: CONSOLE_CHANNEL_NAMESPACE,
    label: Web.SettingLabel.allowed_domains,
-    value: config.uiBaseUrl,
+    value: config.security.cors.allowOrigins.join(','),
    type: SettingType.text,
  },
  {
--- a/docker/.env.example
+++ b/docker/.env.example
@ -3,9 +3,11 @@ NODE_ENV=dev
 APP_DOMAIN=localhost
 SSL_EMAIL=hello@hexabot.ai
 API_PORT=4000
+APP_FRONTEND_PORT=8080
 APP_SCRIPT_COMPODOC_PORT=9003
 API_ORIGIN=http://${APP_DOMAIN}:${API_PORT}
-FRONTEND_ORIGIN=http://${APP_DOMAIN},http://${APP_DOMAIN}:8080,http://${APP_DOMAIN}:8081,http://${APP_DOMAIN}:5173,http://${APP_DOMAIN},http://${APP_DOMAIN}/*,*
+FRONTEND_BASE_URL=http://${APP_DOMAIN}:${APP_FRONTEND_PORT}
+FRONTEND_ORIGIN=http://${FRONTEND_BASE_URL},http://${APP_DOMAIN}:8081,http://${APP_DOMAIN}:5173,http://${APP_DOMAIN},https://${APP_DOMAIN}
 JWT_SECRET=dev_only
 JWT_EXPIRES_IN=60
 SALT_LENGTH=12
@ -56,7 +58,6 @@ BERT_MODEL_BY_LANGUAGE_JSON='{
 HF_AUTH_TOKEN=

 # Frontend (Next.js)
-APP_FRONTEND_PORT=8080
 NEXT_PUBLIC_API_ORIGIN=http://${APP_DOMAIN}:${API_PORT}/
 NEXT_PUBLIC_SSO_ENABLED=false