From b9719d50e21bc29d96552748218b2fb3649eb57c Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Tue, 30 Jan 2024 17:45:14 +0000 Subject: [PATCH 1/2] refactor: change cors library from corsica to cors_plug --- .env.sample | 2 -- config/config.exs | 4 ---- config/dev.exs | 5 +++++ config/prod.exs | 10 ++++++++++ lib/safira_web/cors.ex | 19 ------------------- lib/safira_web/endpoint.ex | 3 +-- mix.exs | 2 +- mix.lock | 1 + 8 files changed, 18 insertions(+), 28 deletions(-) delete mode 100644 lib/safira_web/cors.ex diff --git a/.env.sample b/.env.sample index 2dc461c07..0e6bf7b20 100644 --- a/.env.sample +++ b/.env.sample @@ -12,8 +12,6 @@ export AWS_SECRET_ACCESS_KEY=[YOUR_AWS_SECRET_ACCESS_KEY] export AWS_REGION=[YOUR_AWS_REGION] export URL=[APPLICATION_URL] export AVATAR_URL=[AVATAR_URL] -# "You should provide a regex string without http or https" -export CORS_DOMAIN=[YOUR_CORS_DOMAIN] # "You can use `mix phx.gen.secret` to get one" export SECRET_KEY_BASE=[YOUR_SECRET_KEY_BASE] export EMAIL_API_KEY=[YOUR_MAILGUN_API_KEY] diff --git a/config/config.exs b/config/config.exs index a34344e95..f7e944e0e 100644 --- a/config/config.exs +++ b/config/config.exs @@ -31,10 +31,6 @@ config :safira, SafiraWeb.Endpoint, render_errors: [view: SafiraWeb.ErrorView, accepts: ~w(json)], pubsub_server: Safira.PubSub -config :safira, SafiraWeb.CORS, - # Allowed domains (regex string without protocol) - domain: System.get_env("CORS_DOMAIN" || ".*") - # Configures Elixir's Logger config :logger, :console, format: "$time $metadata[$level] $message\n", diff --git a/config/dev.exs b/config/dev.exs index fe1f47938..72b107519 100644 --- a/config/dev.exs +++ b/config/dev.exs @@ -32,6 +32,11 @@ config :safira, SafiraWeb.Endpoint, ] ] +config :cors_plug, + origin: [ + "http://localhost:3000", + ] + # ## SSL Support # # In order to use HTTPS in development, a self-signed diff --git a/config/prod.exs b/config/prod.exs index 73179671f..c05edeebc 100644 --- a/config/prod.exs +++ b/config/prod.exs @@ -70,6 +70,16 @@ config :safira, Safira.Mailer, recv_timeout: :timer.minutes(1) ] +# :cors_plug must be configured only in compilation time +# See https://github.com/mschae/cors_plug/issues/49 for alternative solutions +# with functions +config :cors_plug, + origin: [ + "https://seium.org", + "https://seium-stg.netlify.app", + "https://lazuli-stg.netlify.app", + ] + # Finally import the config/prod.secret.exs # which should be versioned separately. # import_config "prod.secret.exs" diff --git a/lib/safira_web/cors.ex b/lib/safira_web/cors.ex deleted file mode 100644 index da0b16894..000000000 --- a/lib/safira_web/cors.ex +++ /dev/null @@ -1,19 +0,0 @@ -defmodule SafiraWeb.CORS do - @moduledoc """ - Module responsible for CORS configuration. - Expects CORS_DOMAIN to be set in the environment. - Examples: "localhost:3000", "seium.org" - """ - - @domain System.get_env("CORS_DOMAIN") - - use Corsica.Router, - origins: ~r{^https?://#{@domain}}, - log: [rejected: :error, invalid: :warn, accepted: :debug], - allow_headers: :all, - allow_credentials: true, - max_age: 600 - - resource("/*") - resource("/api/referrals/*", origins: "*") -end diff --git a/lib/safira_web/endpoint.ex b/lib/safira_web/endpoint.ex index df34bc14b..d994741ae 100644 --- a/lib/safira_web/endpoint.ex +++ b/lib/safira_web/endpoint.ex @@ -60,8 +60,7 @@ defmodule SafiraWeb.Endpoint do plug Pow.Plug.Session, otp_app: :safira - # The CORS plug - plug SafiraWeb.CORS + plug CORSPlug plug SafiraWeb.Router diff --git a/mix.exs b/mix.exs index 7686aa96c..e9067ee7b 100644 --- a/mix.exs +++ b/mix.exs @@ -56,7 +56,7 @@ defmodule Safira.MixProject do {:comeonin, "~> 5.3"}, {:bcrypt_elixir, "~> 3.0"}, {:qr_code_svg, git: "https://github.com/ondrej-tucek/qr-code-svg", tag: "v1.2.0"}, - {:corsica, "~> 1.3"}, + {:cors_plug, "~> 3.0"}, {:arc, "~> 0.11.0"}, # If using Amazon S3 {:ex_aws, "~> 2.4"}, diff --git a/mix.lock b/mix.lock index a36e3a638..09cba0dee 100644 --- a/mix.lock +++ b/mix.lock @@ -9,6 +9,7 @@ "certifi": {:hex, :certifi, "2.9.0", "6f2a475689dd47f19fb74334859d460a2dc4e3252a3324bd2111b8f0429e7e21", [:rebar3], [], "hexpm", "266da46bdb06d6c6d35fde799bcb28d36d985d424ad7c08b5bb48f5b5cdd4641"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"}, "comeonin": {:hex, :comeonin, "5.3.3", "2c564dac95a35650e9b6acfe6d2952083d8a08e4a89b93a481acb552b325892e", [:mix], [], "hexpm", "3e38c9c2cb080828116597ca8807bb482618a315bfafd98c90bc22a821cc84df"}, + "cors_plug": {:hex, :cors_plug, "3.0.3", "7c3ac52b39624bc616db2e937c282f3f623f25f8d550068b6710e58d04a0e330", [:mix], [{:plug, "~> 1.13", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "3f2d759e8c272ed3835fab2ef11b46bddab8c1ab9528167bd463b6452edf830d"}, "corsica": {:hex, :corsica, "1.3.0", "bbec02ccbeca1fdf44ee23b25a8ae32f7c6c28fc127ef8836dd8420e8f65bd9b", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "8847ec817554047e9aa6d9933539cacb10c4ee60b58e0c15c3b380c5b737b35f"}, "cowboy": {:hex, :cowboy, "2.10.0", "ff9ffeff91dae4ae270dd975642997afe2a1179d94b1887863e43f681a203e26", [:make, :rebar3], [{:cowlib, "2.12.1", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "3afdccb7183cc6f143cb14d3cf51fa00e53db9ec80cdcd525482f5e99bc41d6b"}, "cowboy_telemetry": {:hex, :cowboy_telemetry, "0.4.0", "f239f68b588efa7707abce16a84d0d2acf3a0f50571f8bb7f56a15865aae820c", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "7d98bac1ee4565d31b62d59f8823dfd8356a169e7fcbb83831b8a5397404c9de"}, From 5a6235ce6d4360133f4919d816ad953f42c68df9 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Tue, 30 Jan 2024 17:48:05 +0000 Subject: [PATCH 2/2] style: run formatter --- config/dev.exs | 2 +- config/prod.exs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/dev.exs b/config/dev.exs index 72b107519..90c83c2b6 100644 --- a/config/dev.exs +++ b/config/dev.exs @@ -34,7 +34,7 @@ config :safira, SafiraWeb.Endpoint, config :cors_plug, origin: [ - "http://localhost:3000", + "http://localhost:3000" ] # ## SSL Support diff --git a/config/prod.exs b/config/prod.exs index c05edeebc..aa77d3c3b 100644 --- a/config/prod.exs +++ b/config/prod.exs @@ -77,7 +77,7 @@ config :cors_plug, origin: [ "https://seium.org", "https://seium-stg.netlify.app", - "https://lazuli-stg.netlify.app", + "https://lazuli-stg.netlify.app" ] # Finally import the config/prod.secret.exs