Gitead/DentalManagementMH04
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use relative API URLs and allow any LAN IP for CORS

Browse Source
This commit is contained in:
Gitead
2026-04-21 23:16:36 -04:00
parent d8180ca0ed
commit 5e7f0ceb07
3 changed files with 37 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
apps/Backend/src/app.ts
View File

@@ -39,19 +39,16 @@ function isOriginAllowed(origin?: string | null) {
if (!origin) return true; // allow non-browser clients (curl/postman)
if (NODE_ENV !== "production") {
// Dev mode: allow localhost origins automatically
// Dev mode: allow localhost and any private LAN range
if (
origin.startsWith("http://localhost") ||
origin.startsWith("http://127.0.0.1") ||
origin.startsWith("http://192.168.0.240")
/^https?:\/\/10\.\d+\.\d+\.\d+/.test(origin) ||
/^https?:\/\/172\.(1[6-9]|2\d|3[01])\.\d+\.\d+/.test(origin) ||
/^https?:\/\/192\.168\.\d+\.\d+/.test(origin)
)
return true;
// allow explicit FRONTEND_URLS if provided
if (FRONTEND_URLS.includes(origin)) return true;
// optionally allow the server's LAN IP if FRONTEND_LAN_IP is provided
const lanIp = process.env.FRONTEND_LAN_IP;
if (lanIp && origin.startsWith(`http://${lanIp}`)) return true;
// fallback: deny if not matched
return false;
}