chore: CORS permission changed from * to frontend

Annonnymmousss · Annonnymmousss · commit 2e707dfd55df · 2026-03-21T10:45:39.000+05:30
diff --git a/src/backend/auth/github.ts b/src/backend/auth/github.ts
@@ -77,7 +77,7 @@ async function authenticateAndCreateJWT(
 
     console.log("DB Status for User:", userId, status);
 
-    ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+
 
     if (status.matchedCount == 1 || status.upsertedId !== undefined) {
       const id_jwt = await createJWT(provider, userId);
@@ -94,7 +94,6 @@ async function authenticateAndCreateJWT(
 }
 
 async function handleJwtAuthentication(ctx: Context) {
-  ctx.response.headers.set("Access-Control-Allow-Origin", "*");
   if (!ctx.request.hasBody) {
     ctx.throw(415);
   }
diff --git a/src/backend/health-api.ts b/src/backend/health-api.ts
@@ -31,7 +31,7 @@ export async function getContainerHealth(ctx: Context): Promise<void> {
 
     const summary = await getHealthSummary();
 
-    ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+
     ctx.response.body = {
         total: summary.total,
         healthy: summary.healthy,
@@ -68,7 +68,7 @@ export async function getContainerMetrics(ctx: Context): Promise<void> {
 
     const history = await getContainerHistory(subdomain, range);
 
-    ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+
     ctx.response.body = {
         subdomain,
         step: range.step,
@@ -98,7 +98,7 @@ export async function getHealthDashboard(ctx: Context): Promise<void> {
     const summary = await getHealthSummary();
     const monitorStatus = getMonitorStatus();
 
-    ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+
     ctx.response.body = {
         overview: {
             total: summary.total,
@@ -147,7 +147,7 @@ export async function restartContainerHandler(ctx: Context): Promise<void> {
     try {
         await restartContainer(subdomain);
 
-        ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+
         ctx.response.body = {
             status: "success",
             message: `Container ${subdomain} restart initiated`,
@@ -183,7 +183,7 @@ export async function stopContainerHandler(ctx: Context): Promise<void> {
     try {
         await stopContainer(subdomain);
 
-        ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+
         ctx.response.body = {
             status: "success",
             message: `Container ${subdomain} stop initiated`,
@@ -218,7 +218,6 @@ export async function triggerHealthCheckHandler(ctx: Context): Promise<void> {
 
     await triggerHealthCheck();
 
-    ctx.response.headers.set("Access-Control-Allow-Origin", "*");
     ctx.response.body = {
         status: "success",
         message: "Health check triggered",
diff --git a/src/backend/main.ts b/src/backend/main.ts
@@ -13,7 +13,7 @@ async function getSubdomains(ctx: Context) {
     ctx.throw(401);
   }
   const data = await getMaps(author, ADMIN_LIST!);
-  ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+
   ctx.response.body = data.documents;
 }
 
@@ -44,7 +44,7 @@ async function addSubdomain(ctx: Context) {
     ctx.throw(401);
   }
   const success: boolean = await addMaps(document);
-  ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+
 
   if (success) {
     await addScript(
@@ -93,7 +93,7 @@ async function deleteSubdomain(ctx: Context) {
       "info",
     );
   }
-  ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+
   ctx.response.body = data;
 }
 
diff --git a/src/backend/server.ts b/src/backend/server.ts
@@ -80,7 +80,7 @@ router
   .post("/health/:subdomain/stop", (ctx) => stopContainerHandler(ctx))
   .post("/health/check", (ctx) => triggerHealthCheckHandler(ctx));
 
-app.use(oakCors());
+app.use(oakCors({ origin: frontend }));
 app.use(router.routes());
 app.use(router.allowedMethods());
 

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ async function authenticateAndCreateJWT(`
`77`	`77`
`78`	`78`	`console.log("DB Status for User:", userId, status);`
`79`	`79`
`80`		`- ctx.response.headers.set("Access-Control-Allow-Origin", "*");`
	`80`	`+`
`81`	`81`
`82`	`82`	`if (status.matchedCount == 1 \|\| status.upsertedId !== undefined) {`
`83`	`83`	`const id_jwt = await createJWT(provider, userId);`
`@@ -94,7 +94,6 @@ async function authenticateAndCreateJWT(`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`async function handleJwtAuthentication(ctx: Context) {`
`97`		`- ctx.response.headers.set("Access-Control-Allow-Origin", "*");`
`98`	`97`	`if (!ctx.request.hasBody) {`
`99`	`98`	`ctx.throw(415);`
`100`	`99`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ async function getSubdomains(ctx: Context) {`
`13`	`13`	`ctx.throw(401);`
`14`	`14`	`}`
`15`	`15`	`const data = await getMaps(author, ADMIN_LIST!);`
`16`		`- ctx.response.headers.set("Access-Control-Allow-Origin", "*");`
	`16`	`+`
`17`	`17`	`ctx.response.body = data.documents;`
`18`	`18`	`}`
`19`	`19`
`@@ -44,7 +44,7 @@ async function addSubdomain(ctx: Context) {`
`44`	`44`	`ctx.throw(401);`
`45`	`45`	`}`
`46`	`46`	`const success: boolean = await addMaps(document);`
`47`		`- ctx.response.headers.set("Access-Control-Allow-Origin", "*");`
	`47`	`+`
`48`	`48`
`49`	`49`	`if (success) {`
`50`	`50`	`await addScript(`
`@@ -93,7 +93,7 @@ async function deleteSubdomain(ctx: Context) {`
`93`	`93`	`"info",`
`94`	`94`	`);`
`95`	`95`	`}`
`96`		`- ctx.response.headers.set("Access-Control-Allow-Origin", "*");`
	`96`	`+`
`97`	`97`	`ctx.response.body = data;`
`98`	`98`	`}`
`99`	`99`