Closed a13xk13m closed 2 years ago
Issue #410
Shouldn't we disable CORS in development mode? To enable for easier debugging via. Postman or other HTTP debugging clients.
Otherwise this PR looks good
Nvm, talked about this and decided to leave enabled for local dev, since Postman clients don't respect CORS anyways.
This fix includes adding FRONTEND_PORT env variable to docker-compose and is used to add localhost to CORS list for local production. I believe the reason it wasn't working before is because the CORS for production was
genbank.covidcg.org
rather than justcovidcg.org
. I hardcodedcovidcg.org
in for now as the production hostname is pulled fromconfig.yaml
which seems to be a deployment only file. This is currently a blanket CORS implementation, so if there are some endpoints that should be exposed that can be pretty easily added.