diff --git a/config/dev.exs b/config/dev.exs
index 880401b..15cf041 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -65,6 +65,9 @@ config :phoenix, :plug_init_mode, :runtime
 # Disable swoosh api client as it is only required for production adapters.
 config :swoosh, :api_client, false
 
+# Config setup for Corsica
+config :atlas, :allowed_origins, "*"
+
 config :atlas, Atlas.Accounts.Guardian,
 issuer: "atlas",
 secret_key: "your-dev-secret-key-here-make-it-long-enough",
diff --git a/config/prod.exs b/config/prod.exs
index 1d0d4e6..32a4600 100644
--- a/config/prod.exs
+++ b/config/prod.exs
@@ -9,5 +9,14 @@ config :swoosh, local: false
 # Do not print debug messages in production
 config :logger, level: :info
 
+# Configures CORS allowed origins
+config :atlas,
+ :allowed_origins,
+ System.get_env("FRONTEND_URL") ||
+ raise("""
+ environment variable FRONTEND_URL is missing.
+ This should be the URL of your frontend application.
+ """)
+
 # Runtime production configuration, including reading
 # of environment variables, is done on config/runtime.exs.
diff --git a/lib/atlas_web/endpoint.ex b/lib/atlas_web/endpoint.ex
index fb8245a..964c08a 100644
--- a/lib/atlas_web/endpoint.ex
+++ b/lib/atlas_web/endpoint.ex
@@ -47,5 +47,12 @@ defmodule AtlasWeb.Endpoint do
 plug Plug.MethodOverride
 plug Plug.Head
 plug Plug.Session, @session_options
+
+ plug Corsica,
+ origins: Application.compile_env(:atlas, :allowed_origins),
+ log: [rejected: :error],
+ allow_credentials: true,
+ allow_headers: ["authorization", "content-type", "accept"]
+
 plug AtlasWeb.Router
 end
diff --git a/mix.exs b/mix.exs
index 68d7f42..4174698 100644
--- a/mix.exs
+++ b/mix.exs
@@ -64,6 +64,9 @@ defmodule Atlas.MixProject do
 {:dns_cluster, "~> 0.1.1"},
 {:bandit, "~> 1.2"},
 
+ # cors
+ {:corsica, "~> 2.1.3"},
+
 # utilities
 {:remote_ip, "~> 1.2"},
 {:ua_parser, "~> 1.8"}
diff --git a/mix.lock b/mix.lock
index 39c262a..ecbf1ed 100644
--- a/mix.lock
+++ b/mix.lock
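Review bot: In config/dev.exs, `config :atlas, :allowed_origins, "*"` is paired with `allow_credentials: true` from the endpoint.ex hunk of this commit, and Corsica documents that with this pair it echoes the request's Origin header instead of sending `*`, so every origin is accepted for credentialed requests while the dev server is running. Listing the local frontend origin explicitly keeps dev close to prod, for example `config :atlas, :allowed_origins, ["http://localhost:<frontend-port>"]` (the port is a placeholder, not a value from this page). The added comment could also say what the key feeds, e.g. `# Origins Corsica accepts in AtlasWeb.Endpoint (read at compile time)`.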
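Review bot: In config/prod.exs, `System.get_env("FRONTEND_URL")` is evaluated when the release is compiled rather than when it boots, and the endpoint reads the key with `Application.compile_env`, so the allowed origin is frozen into the build; the context comment closing this hunk says environment variables are read in config/runtime.exs. The `||` guard also lets an empty value through, since `""` is truthy in Elixir. A value with a trailing slash or a path would never equal a browser's Origin header, so every cross-origin request would be rejected. If the setting stays in this file, a comment such as `# Must be a bare origin (scheme://host[:port]); read at build time, rebuild to change` would record both constraints.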
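Review bot: In lib/atlas_web/endpoint.ex, `Application.compile_env(:atlas, :allowed_origins)` has no default and this commit sets the key only in dev.exs and prod.exs, so any other environment (test, unless config/test.exs sets it; that file is not in this diff) would hand Corsica `origins: nil`. `origins: Application.compile_env!(:atlas, :allowed_origins),` makes a missing key fail the build with a clear message instead. Separately, `log: [rejected: :error]` lets any third-party page produce error-level log entries simply by sending cross-origin requests; `log: [rejected: :warning],` keeps the signal without feeding error alerting. The AtlasWeb.Endpoint module starts above this hunk, so the plugs ahead of Plug.MethodOverride are not visible here.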
@@ -3,6 +3,7 @@ "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.3.2", "d50091e3c9492d73e17fc1e1619a9b09d6a5ef99160eb4d736926fd475a16ca3", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "471be5151874ae7931911057d1467d908955f93554f7a6cd1b7d804cac8cef53"}, "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"}, "castore": {:hex, :castore, "1.0.14", "4582dd7d630b48cf5e1ca8d3d42494db51e406b7ba704e81fbd401866366896a", [:mix], [], "hexpm", "7bc1b65249d31701393edaaac18ec8398d8974d52c647b7904d01b964137b9f4"}, + "corsica": {:hex, :corsica, "2.1.3", "dccd094ffce38178acead9ae743180cdaffa388f35f0461ba1e8151d32e190e6", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "616c08f61a345780c2cf662ff226816f04d8868e12054e68963e95285b5be8bc"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"}, "comeonin": {:hex, :comeonin, "5.5.1", "5113e5f3800799787de08a6e0db307133850e635d34e9fab23c70b6501669510", [:mix], [], "hexpm", "65aac8f19938145377cee73973f192c5645873dcf550a8a6b18187d17c13ccdb"}, "credo": {:hex, :credo, "1.7.12", "9e3c20463de4b5f3f23721527fcaf16722ec815e70ff6c60b86412c695d426c1", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "8493d45c656c5427d9c729235b99d498bd133421f3e0a683e5c1b561471291e5"},