diff --git a/apps/server/src/index.ts b/apps/server/src/index.ts index 06575282..70cf9318 100644 --- a/apps/server/src/index.ts +++ b/apps/server/src/index.ts @@ -164,12 +164,9 @@ app.use( return; } - console.log(`[CORS] Checking origin: ${origin}`); - // If CORS_ORIGIN is set, use it (can be comma-separated list) const allowedOrigins = process.env.CORS_ORIGIN?.split(',').map((o) => o.trim()); if (allowedOrigins && allowedOrigins.length > 0 && allowedOrigins[0] !== '*') { - console.log(`[CORS] CORS_ORIGIN env var is set: ${allowedOrigins.join(', ')}`); if (allowedOrigins.includes(origin)) { callback(null, origin); } else { @@ -182,7 +179,6 @@ app.use( try { const url = new URL(origin); const hostname = url.hostname; - console.log(`[CORS] Parsed hostname: ${hostname}`); if ( hostname === 'localhost' || @@ -193,16 +189,14 @@ app.use( hostname.startsWith('10.') || hostname.startsWith('172.') ) { - console.log(`[CORS] ✓ Allowing origin: ${origin}`); callback(null, origin); return; } } catch (err) { - console.error(`[CORS] Error parsing URL: ${origin}`, err); + // Ignore URL parsing errors } // Reject other origins by default for security - console.log(`[CORS] ✗ Rejecting origin: ${origin}`); callback(new Error('Not allowed by CORS')); }, credentials: true, diff --git a/start-automaker.sh b/start-automaker.sh index a2d3e54c..86be391c 100755 --- a/start-automaker.sh +++ b/start-automaker.sh @@ -1075,7 +1075,7 @@ case $MODE in export TEST_PORT="$WEB_PORT" export VITE_SERVER_URL="http://$HOSTNAME:$SERVER_PORT" export PORT="$SERVER_PORT" - export CORS_ORIGIN="http://$HOSTNAME:$WEB_PORT,http://127.0.0.1:$WEB_PORT" + export CORS_ORIGIN="http://localhost:$WEB_PORT,http://$HOSTNAME:$WEB_PORT,http://127.0.0.1:$WEB_PORT" export VITE_APP_MODE="1" if [ "$PRODUCTION_MODE" = true ]; then