kennethnym/aris
1
0
Fork 0
mirror of https://github.com/kennethnym/aris.git synced 2026-04-08 19:11:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(backend): add CORS and disable CSRF in dev (#92)

Browse Source 
* fix(backend): add CORS middleware and disable CSRF in dev

- Add CORS middleware for /api/auth/* and global routes
- Disable better-auth CSRF origin check when NODE_ENV != production

Co-authored-by: Ona <no-reply@ona.com>

* fix: gate permissive CORS to dev only

In production, only origins listed in CORS_ORIGINS env
var are allowed. In dev, any origin is reflected back.

Co-authored-by: Ona <no-reply@ona.com>

---------

Co-authored-by: Ona <no-reply@ona.com>
This commit is contained in:
Kenneth
2026-03-23 00:31:23 +00:00
committed by GitHub
parent 7909211c1b
commit 35c6371d48
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apps/aelis-backend/src/auth/index.ts
View File

@@ -16,6 +16,9 @@ export function createAuth(db: Database) {
provider: "pg",
schema,
}),
advanced: {
disableCSRFCheck: process.env.NODE_ENV !== "production",
},
emailAndPassword: {
enabled: true,
},