From f2001e0d0cab801a2cd1bc270dd36207afe935bb Mon Sep 17 00:00:00 2001 From: Stefan Hardegger Date: Wed, 23 Jul 2025 14:58:59 +0200 Subject: [PATCH] Add CORS support for production domain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add STORYCOVE_CORS_ALLOWED_ORIGINS environment variable to docker-compose.yml - Include production domain https://storycove.sharyavin.synology.me in allowed origins - Update SecurityConfig to read from environment variable with fallback - Maintains localhost support for development while enabling production access - Fixes "Invalid CORS request" error on deployed application 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- backend/src/main/java/com/storycove/config/SecurityConfig.java | 2 +- docker-compose.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/com/storycove/config/SecurityConfig.java b/backend/src/main/java/com/storycove/config/SecurityConfig.java index 65baae5..27839e5 100644 --- a/backend/src/main/java/com/storycove/config/SecurityConfig.java +++ b/backend/src/main/java/com/storycove/config/SecurityConfig.java @@ -23,7 +23,7 @@ import java.util.List; @EnableWebSecurity public class SecurityConfig { - @Value("${storycove.cors.allowed-origins:http://localhost:3000}") + @Value("${storycove.cors.allowed-origins:${STORYCOVE_CORS_ALLOWED_ORIGINS:http://localhost:3000}}") private String allowedOrigins; private final JwtAuthenticationFilter jwtAuthenticationFilter; diff --git a/docker-compose.yml b/docker-compose.yml index 12f51a5..9406977 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -39,6 +39,7 @@ services: - TYPESENSE_PORT=8108 - IMAGE_STORAGE_PATH=/app/images - APP_PASSWORD=${APP_PASSWORD} + - STORYCOVE_CORS_ALLOWED_ORIGINS=https://storycove.sharyavin.synology.me,http://localhost:3000 volumes: - images_data:/app/images depends_on: