From 743861b1ae23a73423400531e489c73f50a40eab Mon Sep 17 00:00:00 2001
From: alex <alex@roese.dev>
Date: Mon, 1 Apr 2024 13:35:52 +0200
Subject: [PATCH] cors

---
 env.example | 10 +++++++++-
 server.ts   |  9 +++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/env.example b/env.example
index abe87f1..adb6f15 100644
--- a/env.example
+++ b/env.example
@@ -18,6 +18,10 @@ GOOGLE_CLIENT_SECRET=your_client_secret
 TERMIN_PLANNER_AUTHORIZATION_PASSWORD=your_authorization_password
 TERMIN_PLANNER_URL=your_termin_planner_url
 
+ADMIN_DASHBOARD_TELEGRAM_ENABLED=true
+ADMIN_DASHBOARD_TELEGRAM_NOTIFICATIONS_URL=
+ADMIN_DASHBOARD_TELEGRAM_NOTIFICATIONS_API_KEY=
+
 RABBITMQ_HOST=
 RABBITMQ_PORT=
 RABBITMQ_USERNAME=
@@ -32,4 +36,8 @@ LOG_MANAGER_URL=
 LOG_MANAGER_INTERVAL=
 
 STRIPE_SECRET_KEY=
-STRIPE_WEBHOOK_ENDPOINT_SECRET=
\ No newline at end of file
+STRIPE_WEBHOOK_ENDPOINT_SECRET=
+
+NEWSLETTER_ALLOWED_TYPES=jannex,zeitadler
+NEWSLETTER_WEBSITE_URL=https://jannex.de/newsletter/
+NEWSLETTER_PRIVACY_POLICY_URLS=https://jannex.de/datenschutz,https://zeitadler.de/datenschutz
\ No newline at end of file
diff --git a/server.ts b/server.ts
index 4849536..f915b3c 100644
--- a/server.ts
+++ b/server.ts
@@ -107,8 +107,13 @@ passport.deserializeUser(function (user: User, cb) {
   });
 });
 
-// TODO: setup cors
-app.use(cors());
+app.use(
+  cors({
+    origin: process.env.CORS_ORIGINS?.split(","), // allow to server to accept request from different origin
+    optionsSuccessStatus: 200, // some legacy browsers (IE11, various SmartTVs) choke on 204
+  })
+);
+
 app.use(cookieParser());
 app.use(useragent.express());