fix: cors for feature flags

2025-11-13 00:03:33 +10:00 · 2023-09-25 00:16:01 +10:00
parent 341c0df231
commit 965b5c0afd
2 changed files with 29 additions and 0 deletions
--- a/packages/lib/server-only/feature-flags/all.ts
+++ b/packages/lib/server-only/feature-flags/all.ts
@ -35,5 +35,22 @@ export default async function handlerFeatureFlagAll(req: Request) {

  res.headers.set('Cache-Control', 'public, s-maxage=60, stale-while-revalidate=300');

+  const origin = req.headers.get('origin');
+
+  console.log({ origin });
+
+  if (origin) {
+    if (origin.startsWith(process.env.NEXT_PUBLIC_WEBAPP_URL ?? 'http://localhost:3000')) {
+      res.headers.set('Access-Control-Allow-Origin', origin);
+    }
+
+    console.log('marketing url', process.env.NEXT_PUBLIC_MARKETING_URL);
+
+    if (origin.startsWith(process.env.NEXT_PUBLIC_MARKETING_URL ?? 'http://localhost:3001')) {
+      console.log('setting marketing origin');
+      res.headers.set('Access-Control-Allow-Origin', origin);
+    }
+  }
+
  return res;
 }
--- a/packages/lib/server-only/feature-flags/get.ts
+++ b/packages/lib/server-only/feature-flags/get.ts
@ -54,6 +54,18 @@ export default async function handleFeatureFlagGet(req: Request) {

  res.headers.set('Cache-Control', 'public, s-maxage=60, stale-while-revalidate=300');

+  const origin = req.headers.get('Origin');
+
+  if (origin) {
+    if (origin.startsWith(process.env.NEXT_PUBLIC_WEBAPP_URL ?? 'http://localhost:3000')) {
+      res.headers.set('Access-Control-Allow-Origin', origin);
+    }
+
+    if (origin.startsWith(process.env.NEXT_PUBLIC_MARKETING_URL ?? 'http://localhost:3001')) {
+      res.headers.set('Access-Control-Allow-Origin', origin);
+    }
+  }
+
  return res;
 }