Kenneth 35c6371d48 fix(backend): add CORS and disable CSRF in dev (#92) ...

* fix(backend): add CORS middleware and disable CSRF in dev

- Add CORS middleware for /api/auth/* and global routes
- Disable better-auth CSRF origin check when NODE_ENV != production

Co-authored-by: Ona <no-reply@ona.com>

* fix: gate permissive CORS to dev only

In production, only origins listed in CORS_ORIGINS env
var are allowed. In dev, any origin is reflected back.

Co-authored-by: Ona <no-reply@ona.com>

---------

Co-authored-by: Ona <no-reply@ona.com>

2026-03-23 00:31:23 +00:00

..

drizzle

feat(backend): add DB persistence layer (#79)

2026-03-16 01:30:02 +00:00

src

fix(backend): add CORS and disable CSRF in dev (#92)

2026-03-23 00:31:23 +00:00

.env.example

feat(backend): add DB persistence layer (#79)

2026-03-16 01:30:02 +00:00

auth.ts

feat(backend): add admin plugin and create-admin script (#80)

2026-03-16 22:39:40 +00:00

drizzle.config.ts

feat(backend): add DB persistence layer (#79)

2026-03-16 01:30:02 +00:00

package.json

feat(backend): add PATCH /api/sources/:sourceId (#86)

2026-03-22 17:57:54 +00:00

tsconfig.json

refactor: rename aris to aelis (#59)

2026-03-10 19:19:23 +00:00