fix: more cors updates

cpb8010 · cpb8010 · commit d6f0a90dc4b7 · 2025-12-17T21:13:41.000-08:00
multi-origin requires callback not a list
diff --git a/packages/auth-server-api/src/app.ts b/packages/auth-server-api/src/app.ts
@@ -11,7 +11,15 @@ const app = express();
 app.use(express.json());
 
 // CORS configuration
-const corsOrigins = env.CORS_ORIGINS.split(",").map((origin) => origin.trim());
+const corsOrigins = (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) => {
+  const allowlist = env.CORS_ORIGINS.split(",").map((origin) => origin.trim());
+  if (!origin || allowlist.indexOf(origin) !== -1) {
+    callback(null, true);
+  } else {
+    callback(new Error("Not allowed by CORS"));
+  }
+};
+
 app.use(
   cors({
     origin: corsOrigins,
