From 08c5e4277c113a18eb68de2910398fd833091fac Mon Sep 17 00:00:00 2001
From: Antonella Sgarlatta
Date: Wed, 27 Nov 2024 13:00:54 -0300
Subject: [PATCH 1/2] update allow origin header
---
 packages/api/src/server.js | 15 ++++++++++++++-
 packages/webapp/nginx.conf | 2 +-
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/packages/api/src/server.js b/packages/api/src/server.js
index cd738deeff..70007b342e 100644
--- a/packages/api/src/server.js
+++ b/packages/api/src/server.js
@@ -253,6 +253,18 @@ const rejectBodyInGetAndDelete = (req, res, next) => {
 next();
 };
+const getAllowedOrigin = () => {
+ switch (environment) {
+ case 'development':
+ return 'http://localhost:3000';
+ case 'integration':
+ return 'https://beta.litefarm.org';
+ case 'production':
+ return 'https://app.litefarm.org';
+ default:
+ return 'https://app.litefarm.org';
+ }
+};
 app
 .use(applyExpressJSON)
 .use(express.urlencoded({ extended: true }))
@@ -261,7 +273,8 @@ app
 // prevent CORS errors
 .use(cors())
 .use((req, res, next) => {
- res.header('Access-Control-Allow-Origin', '*');
+ const origin = getAllowedOrigin();
+ res.header('Access-Control-Allow-Origin', origin);
 res.header(
 'Access-Control-Allow-Headers',
 'Origin, X-Requested-With, Content-Type, Accept, Authorization',
diff --git a/packages/webapp/nginx.conf b/packages/webapp/nginx.conf
index 68d55db9a7..7d19ff490a 100644
--- a/packages/webapp/nginx.conf
+++ b/packages/webapp/nginx.conf
@@ -93,7 +93,7 @@ http {
 proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
 proxy_pass_request_headers on;
- proxy_set_header 'Access-Control-Allow-Origin' '*';
+ proxy_set_header 'Access-Control-Allow-Origin' 'https://beta.litefarm.org';
 proxy_pass http://backend:5000/;
 }
 listen 443 ssl; # managed by Certbot
From 18d4aea532be24606ba043af41e97d0ad69f8247 Mon Sep 17 00:00:00 2001
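Review bot: In `getAllowedOrigin` the `case 'production':` branch returns the same value as `default:`, so the two can share one return, and the fallback deserves a comment saying it is deliberate. Suggested: let `case 'production':` fall through to `default:` and put `// Unknown environments get the production origin, never '*'.` above the single `return 'https://app.litefarm.org';`. `environment` is defined outside this hunk, so whether it can take other values (a test or staging name, for example) cannot be checked from here; if it can, browser clients served from any other origin will be refused once this lands.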
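Review bot: `.use(cors())` is still registered ahead of this middleware, and with no options the `cors` package answers with `Access-Control-Allow-Origin: *` and, by default, ends preflight `OPTIONS` requests itself, so preflight responses would never reach the new `res.header('Access-Control-Allow-Origin', origin)` line. That leaves the wildcard in place for preflights while only non-preflight responses carry the restricted origin. Passing the value to the package keeps a single source of truth: `.use(cors({ origin: getAllowedOrigin() }))`, after which the manual `Access-Control-Allow-Origin` line can be dropped. This assumes `cors` here is the standard Express middleware; the `app` chain begins and continues outside the hunk.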
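Review bot: `proxy_set_header` adds a header to the request nginx forwards to `http://backend:5000/`, not to the response the browser receives, so this line does not restrict CORS for clients; a response header would need `add_header`. Since the API now sets `Access-Control-Allow-Origin` itself, also emitting it from nginx would risk a duplicated header, so removing the directive (and the `Access-Control-Allow-Methods` one above it, which has the same issue) looks safer than converting it. The hard-coded `https://beta.litefarm.org` also differs from the `https://app.litefarm.org` value server.js returns for production, which matters if this file is deployed beyond the integration environment. The enclosing `location` block starts outside the hunk.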
From: Antonella Sgarlatta
Date: Wed, 27 Nov 2024 13:03:07 -0300
Subject: [PATCH 2/2] add new line
---
 packages/api/src/server.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/api/src/server.js b/packages/api/src/server.js
index 70007b342e..6f059ec17e 100644
--- a/packages/api/src/server.js
+++ b/packages/api/src/server.js
@@ -265,6 +265,7 @@ const getAllowedOrigin = () => {
 return 'https://app.litefarm.org';
 }
 };
+
 app
 .use(applyExpressJSON)
 .use(express.urlencoded({ extended: true }))