ros/automaker
1
0
Fork 0
mirror of https://github.com/AutoMaker-Org/automaker.git synced 2026-02-03 08:53:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

debug: add CORS logging to diagnose origin rejection

Browse Source 
Added detailed logging to see:
- What origin is being sent
- How the hostname is parsed
- Why origins are being accepted/rejected

This will help us understand why CORS is still failing in web mode.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
DhanushSantosh
2026-01-18 01:47:53 +05:30
parent b8875f71a5
commit e10cb83adc
1 changed files with 24 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
apps/server/src/index.ts
View File

@@ -164,9 +164,12 @@ app.use(
return; return;
} }
console.log(`[CORS] Checking origin: ${origin}`);
// If CORS_ORIGIN is set, use it (can be comma-separated list) // If CORS_ORIGIN is set, use it (can be comma-separated list)
const allowedOrigins = process.env.CORS_ORIGIN?.split(',').map((o) => o.trim()); const allowedOrigins = process.env.CORS_ORIGIN?.split(',').map((o) => o.trim());
if (allowedOrigins && allowedOrigins.length > 0 && allowedOrigins[0] !== '*') { if (allowedOrigins && allowedOrigins.length > 0 && allowedOrigins[0] !== '*') {
console.log(`[CORS] CORS_ORIGIN env var is set: ${allowedOrigins.join(', ')}`);
if (allowedOrigins.includes(origin)) { if (allowedOrigins.includes(origin)) {
callback(null, origin); callback(null, origin);
} else { } else {
@@ -176,22 +179,30 @@ app.use(
} }
// For local development, allow all localhost/loopback origins (any port) // For local development, allow all localhost/loopback origins (any port)
const url = new URL(origin); try {
const hostname = url.hostname; const url = new URL(origin);
if ( const hostname = url.hostname;
hostname === 'localhost' || console.log(`[CORS] Parsed hostname: ${hostname}`);
hostname === '127.0.0.1' ||
hostname === '::1' || if (
hostname === '0.0.0.0' || hostname === 'localhost' ||
hostname.startsWith('192.168.') || hostname === '127.0.0.1' ||
hostname.startsWith('10.') || hostname === '::1' ||
hostname.startsWith('172.') hostname === '0.0.0.0' ||
) { hostname.startsWith('192.168.') ||
callback(null, origin); hostname.startsWith('10.') ||
return; hostname.startsWith('172.')
) {
console.log(`[CORS] ✓ Allowing origin: ${origin}`);
callback(null, origin);
return;
}
} catch (err) {
console.error(`[CORS] Error parsing URL: ${origin}`, err);
} }
// Reject other origins by default for security // Reject other origins by default for security
console.log(`[CORS] ✗ Rejecting origin: ${origin}`);
callback(new Error('Not allowed by CORS')); callback(new Error('Not allowed by CORS'));
}, },
credentials: true, credentials: true,