docs: use CORS_ORIGIN, the env var the server actually reads#978
Open
Anexus5919 wants to merge 1 commit into
Open
docs: use CORS_ORIGIN, the env var the server actually reads#978Anexus5919 wants to merge 1 commit into
Anexus5919 wants to merge 1 commit into
Conversation
|
@Anexus5919 is attempting to deploy a commit to the somiljain2024-4175's projects Team on Vercel. A member of the Team first needs to authorize it. |
Contributor
Author
|
@Somil450 @diksha78dev Kindly have a review on this pr. Thanks! |
The root .env.example, API.md, and README.md told users to set ALLOWED_ORIGIN, but the server's entry point (index.js -> config/env.js) reads only CORS_ORIGIN and throws "CORS_ORIGIN must be set in production" on boot when it is unset. ALLOWED_ORIGIN is read only by the unreferenced legacy app.js. So following the docs left CORS_ORIGIN unset and crashed production on startup. Align the root docs on CORS_ORIGIN (matching config/env.js and the server's own server/.env.example and server/README.md), and fix the API.md env table, which had the two names inverted.
6abce07 to
2dd0cf8
Compare
Contributor
Author
|
@Somil450 @diksha78dev Kindly have a review on this pr. Thanks! |
Contributor
Author
|
This failing check is from |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📌 Related Issue
Fixes #917
📝 Description
The root docs told users to set
ALLOWED_ORIGIN, but the backend readsCORS_ORIGINand throwsCORS_ORIGIN must be set in productionon boot when it is unset.ALLOWED_ORIGINis read only by the unreferenced legacyserver/src/app.js(the start script isnode src/index.js->config/env.js). So following the docs leftCORS_ORIGINunset and crashed production on startup.🔹 What has been changed?
.env.example(root):ALLOWED_ORIGIN->CORS_ORIGIN.API.md: the backend.envexample usesCORS_ORIGIN, and the environment-variable table is corrected (it had the two names inverted, describingCORS_ORIGINas a legacy alias ofALLOWED_ORIGIN). The table now listsCORS_ORIGINas required in production and notes the boot-time throw.README.md: the backend.envblock and the deployment paragraph useCORS_ORIGIN.🔹 Why are these changes needed?
CORS_ORIGINmatchesserver/src/config/env.jsand the server's ownserver/.env.example/server/README.md, so following the docs brings up a working production server instead of crashing on boot.🛠️ Type of Change
🧪 Testing
✅ Tests Performed
ALLOWED_ORIGINremains;CORS_ORIGINis present in each.server/src/config/env.js(readsprocess.env.CORS_ORIGIN, throws if unset in production) and the server's own docs (server/.env.example,server/README.md), which already useCORS_ORIGIN.🌐 Browsers Tested
Not applicable (documentation-only change; no code or server behavior changes).
📷 Screenshots / Demo (if applicable)
Not applicable.
📋 Checklist
💬 Additional Notes
Branched from latest
upstream/main(5464425). Documentation-only; no server behavior changes. An alternative would be to makeenv.jsalso acceptALLOWED_ORIGIN, but the running server has never read it (only the deadapp.jsdid), so aligning the docs onCORS_ORIGINis the minimal, consistent fix.