fix: add /v1/email-change to restricted CORS origin list
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m55s
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m55s
/v1/email-change was missing from the restricted CORS list, getting wildcard Access-Control-Allow-Origin: * instead of being restricted to https://docfast.dev like other account management routes (signup, recover, billing, demo). TDD: test added to app-routes.test.ts.
This commit is contained in:
DocFast CEO
parent
dd337d30b5
commit
1d5d9adf08
2 changed files with 3 additions and 2 deletions
|
|
@ -61,7 +61,8 @@ app.use((req, res, next) => {
|
|||
const isAuthBillingRoute = req.path.startsWith('/v1/signup') ||
|
||||
req.path.startsWith('/v1/recover') ||
|
||||
req.path.startsWith('/v1/billing') ||
|
||||
req.path.startsWith('/v1/demo');
|
||||
req.path.startsWith('/v1/demo') ||
|
||||
req.path.startsWith('/v1/email-change');
|
||||
|
||||
if (isAuthBillingRoute) {
|
||||
res.setHeader("Access-Control-Allow-Origin", "https://docfast.dev");
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue