⚡ Do not add cors headers in production mode

2024-10-07 01:58:50 +03:00 · 2019-09-20 13:06:06 +02:00 · 2019-09-20 13:06:06 +02:00 · a5344a0998
commit a5344a0998
parent 0f67177bf6
1 changed files with 9 additions and 7 deletions
--- a/packages/cli/src/Server.ts
+++ b/packages/cli/src/Server.ts
@ -204,13 +204,15 @@ class App {
 		//support application/x-www-form-urlencoded post data
 		this.app.use(bodyParser.urlencoded({ extended: false }));

-		this.app.use((req: express.Request, res: express.Response, next: express.NextFunction) => {
-			// Allow access also from frontend when developing
-			res.header('Access-Control-Allow-Origin', 'http://localhost:8080');
-			res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
-			res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, sessionid');
-			next();
-		});
+		if (process.env['NODE_ENV'] !== 'production') {
+			this.app.use((req: express.Request, res: express.Response, next: express.NextFunction) => {
+				// Allow access also from frontend when developing
+				res.header('Access-Control-Allow-Origin', 'http://localhost:8080');
+				res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
+				res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, sessionid');
+				next();
+			});
+		}


 		this.app.use((req: express.Request, res: express.Response, next: express.NextFunction) => {