From 5e9e937ab63d89ace9941bda04edb30879bbfcdd Mon Sep 17 00:00:00 2001
From: oleksandr-shysh
Date: Tue, 10 Jun 2025 17:27:03 +0300
Subject: [PATCH] Improve CORS handling
---
 src/core/configuration/Config.ts | 1 +
 src/core/configuration/DefaultConfig.ts | 12 ++++++++++++
 src/server/cors.ts | 22 +++++++++++-----------
 tests/util/TestServerConfig.ts | 3 +++
 4 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/src/core/configuration/Config.ts b/src/core/configuration/Config.ts
index 8f4cca4c5..e77f96d0b 100644
--- a/src/core/configuration/Config.ts
+++ b/src/core/configuration/Config.ts
@@ -62,6 +62,7 @@ export interface ServerConfig {
 cloudflareApiToken(): string;
 cloudflareConfigPath(): string;
 cloudflareCredsPath(): string;
+ origin(): string;
 }

 export interface NukeMagnitude {
diff --git a/src/core/configuration/DefaultConfig.ts b/src/core/configuration/DefaultConfig.ts
index c59841798..23f28513a 100644
--- a/src/core/configuration/DefaultConfig.ts
+++ b/src/core/configuration/DefaultConfig.ts
@@ -85,6 +85,18 @@ export abstract class DefaultServerConfig implements ServerConfig {
 return process.env.CF_CREDS_PATH ?? "";
 }

+ origin(): string {
+ const audience = this.jwtAudience();
+ const subdomain = this.subdomain();
+ if (audience === "localhost") {
+ return "http://localhost:9000";
+ }
+ if (subdomain === "") {
+ return `https://${audience}`;
+ }
+ return `https://${subdomain}.${audience}`;
+ }
+
 private publicKey: JWK;
 abstract jwtAudience(): string;
 jwtIssuer(): string {
diff --git a/src/server/cors.ts b/src/server/cors.ts
index 80c125ffd..5db3cf0d5 100644
--- a/src/server/cors.ts
+++ b/src/server/cors.ts
@@ -1,5 +1,7 @@
 import cors from "cors";
 import os from "os";
+import { GameEnv } from "../core/configuration/Config";
+import { getServerConfigFromServer } from "../core/configuration/ConfigLoader";

 function getLocalIP() {
 const interfaces = os.networkInterfaces();
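Review bot: `origin()` in src/core/configuration/DefaultConfig.ts has no doc comment saying what shape its return value must have, and it interpolates `jwtAudience()` and `subdomain()` without checking them. The value becomes a CORS allow-list entry in src/server/cors.ts, which is presumably compared as an exact string against the browser's Origin header, so an audience carrying a scheme, port, path or trailing slash would produce an entry that never matches, or one that names a different host than intended. I would document the contract on the method, e.g. `/** Serialized browser origin (scheme://host[:port], no path or trailing slash) used for the CORS allow-list; jwtAudience() must be a bare hostname. */`, and state there that the JWT audience now also decides which origin is allowed. The class body starts and ends outside the hunk.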
@@ -15,18 +17,16 @@ function getLocalIP() {
 return null;
 }

-const allowedOrigins = [
- "capacitor://localhost",
- "https://localhost",
- "http://localhost",
- "http://localhost:9000",
- "https://openfront.io",
- "https://openfront.dev",
-];
+const config = getServerConfigFromServer();
+const origin = config.origin();

-const localIp = getLocalIP();
-if (localIp) {
- allowedOrigins.push(`http://${localIp}:9000`);
+const allowedOrigins = [origin, "capacitor://localhost", "http://localhost"];
+
+if (config.env() === GameEnv.Dev) {
+ const localIp = getLocalIP();
+ if (localIp) {
+ allowedOrigins.push(`http://${localIp}:9000`, `https://${localIp}:9000`);
+ }
 }

 const corsOptions = {
diff --git a/tests/util/TestServerConfig.ts b/tests/util/TestServerConfig.ts
index be5155d5a..eaa4743f2 100644
--- a/tests/util/TestServerConfig.ts
+++ b/tests/util/TestServerConfig.ts
@@ -4,6 +4,9 @@ import { GameMapType } from "../../src/core/game/Game";
 import { GameID } from "../../src/core/Schemas";

 export class TestServerConfig implements ServerConfig {
+ origin(): string {
+ return "http://localhost:9000";
+ }
 cloudflareConfigPath(): string {
 throw new Error("Method not implemented.");
 }
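Review bot: In src/server/cors.ts, `"capacitor://localhost"` and `"http://localhost"` stay in `allowedOrigins` for every environment; only the LAN-IP entries are gated on `GameEnv.Dev`. If `corsOptions` (its body is outside the hunk) allows credentials, a page served from http://localhost on a user's machine would be accepted as a trusted origin by the production server. If the two entries exist for a mobile WebView shell, say so with a comment such as `// WebView origins for the mobile app; must stay allowed in production`; otherwise move them under the Dev branch with `allowedOrigins.push("http://localhost");`. Note also that `getServerConfigFromServer()` now runs at import time, so if it can throw, a configuration error will surface as a failed import of this module.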