From f43bcac2537ad1980854577b0787d03d1baf92e3 Mon Sep 17 00:00:00 2001 From: "railway-app[bot]" <68434857+railway-app[bot]@users.noreply.github.com> Date: Fri, 24 Apr 2026 04:16:24 +0000 Subject: [PATCH] fix: allow production frontend origin in CORS config (backend/server.ts) --- backend/server.ts | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/backend/server.ts b/backend/server.ts index 7cc193c..c4e8b26 100644 --- a/backend/server.ts +++ b/backend/server.ts @@ -21,7 +21,12 @@ const PORT = process.env.PORT || 3001; app.set("trust proxy", 1); app.use(helmet()); -app.use(cors({ origin: process.env.CLIENT_URL || "http://localhost:5173", credentials: true })); +const allowedOrigins = [ + "http://localhost:5173", + "https://free-form-code-production.up.railway.app", + ...(process.env.CLIENT_URL ? [process.env.CLIENT_URL] : []), +]; +app.use(cors({ origin: allowedOrigins, credentials: true })); app.use(express.json()); app.use(cookieParser()); @@ -35,7 +40,7 @@ const httpServer = createServer(app); // attach socket.io to the http server const io = new Server(httpServer, { - cors: { origin: process.env.CLIENT_URL || "http://localhost:5173", credentials: true }, + cors: { origin: allowedOrigins, credentials: true }, }); // register all socket event handlers