diff --git a/Website/Backend/index.ts b/Website/Backend/index.ts
index 3a9a21f..a78303f 100644
--- a/Website/Backend/index.ts
+++ b/Website/Backend/index.ts
@@ -1,8 +1,8 @@
 import express, { Express, Request, Response } from "express";
-import cors from "cors";
 import { config } from "dotenv";
 import { connectToDB } from "./config/db";
 import cookieParser from "cookie-parser";
+
 // Routes import
 import certificatesRoute from "./routes/certificate";
 import authRoute from "./routes/auth";
@@ -20,33 +20,31 @@ connectToDB();
 const app: Express = express();
 const PORT: string = process.env.PORT || "5000";
-// CORS configuration: Allow only your domain
-const allowedOrigins = ["https://certimailer.xyz"];
-const allowedHosts = ["certimailer.xyz"];
+// CORS configuration: Manually handle origins and preflight requests
+const allowedOrigins = ["https://certimailer.xyz"];
+const allowedMethods = ["GET", "POST", "PUT", "DELETE"];
+const allowedHeaders = ["Content-Type", "Authorization"];
+
+app.use((req: Request, res: Response, next) => {
+ const origin = req.headers.origin as string | undefined;
-// Use CORS with the specified options
-app.use((req, res, next) => {
- const origin = req.headers.origin;
- const host = req.headers.host;
- console.log(origin);
- console.log(host);
- if (
- origin &&
- allowedOrigins.includes(origin) &&
- host &&
- allowedHosts.includes(host)
- ) {
+ if (origin && allowedOrigins.includes(origin)) {
+ // Allow the origin if it's in the allowedOrigins list
 res.setHeader("Access-Control-Allow-Origin", origin);
- res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
+ res.setHeader("Access-Control-Allow-Methods", allowedMethods.join(", "));
+ res.setHeader("Access-Control-Allow-Headers", allowedHeaders.join(", "));
 res.setHeader("Access-Control-Allow-Credentials", "true");
- res.setHeader(
- "Access-Control-Allow-Headers",
- "Content-Type, Authorization"
- );
- next();
- } else {
- res.status(403).json({ message: "Access denied: Not allowed" });
+
+ // Handle preflight requests (OPTIONS)
+ if (req.method === "OPTIONS") {
+ return res.status(200).end();
+ }
+ } else {
+ // If origin doesn't match, send a 403 error
+ return res.status(403).json({ message: "Access denied: Not allowed" });
 }
+
+ next();
 });
 // Middleware to parse JSON and cookies
diff --git a/Website/Backend/routes/user.ts b/Website/Backend/routes/user.ts
index 522aaab..b4738be 100644
--- a/Website/Backend/routes/user.ts
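Review bot: The `else` branch of the CORS middleware in Website/Backend/index.ts answers 403 to every request that lacks an allowed `Origin` header, but that header is not an access control: it is absent on non-browser and some same-origin requests (health checks, server-to-server calls), and only browsers guarantee its value. Authorization should rest on the route-level authentication (not visible in this hunk), with this middleware deciding only whether to emit the CORS headers. Because the allowed origin is echoed back together with `Access-Control-Allow-Credentials: true`, add `res.setHeader("Vary", "Origin");` next to the `Access-Control-Allow-Origin` line so a shared cache cannot reuse a response across origins. A short comment above `allowedOrigins` stating that the list must stay an exact-match allowlist (never a wildcard or a reflected value while credentials are enabled) would document the constraint for the next editor.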
+++ b/Website/Backend/routes/user.ts
@@ -18,7 +18,6 @@ router.get("/", (req: Request, res: Response) => {
 router.post("/newsletter", async (req: Request, res: Response) => {
 // Get the body
 const { email } = req.body;
- console.log("got a ew request");
 try {
 // Check if user already exists
 const user = await Newsletter.findOne({ email: email });
diff --git a/Website/Frontend/app/lib/control.ts b/Website/Frontend/app/lib/control.ts
index 6b61a89..de8166c 100644
--- a/Website/Frontend/app/lib/control.ts
+++ b/Website/Frontend/app/lib/control.ts
@@ -1,10 +1,9 @@
-"use server";
+"use client";
 export async function SubscribeToNewsletter(email: string) {
 // Backend URI from environment variables
- const API_URI: string = (process.env.BACKEND_URI +
+ const API_URI: string = (process.env.NEXT_PUBLIC_BACKEND_URI +
 "/user/newsletter") as string;
- console.log(API_URI);
 // API request to handle newsletter subscription
 try {
@@ -15,7 +14,6 @@ export async function SubscribeToNewsletter(email: string) {
 },
 body: JSON.stringify({ email: email }), // Send email as payload
 });
- console.log(response.status);
 return {
 status: response.status,
 message: response.statusText,
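Review bot: In `SubscribeToNewsletter` (Website/Frontend/app/lib/control.ts, first hunk) the URL is built from `process.env.NEXT_PUBLIC_BACKEND_URI` without checking that it is set, so a missing variable produces the string `undefined/user/newsletter`, and the `as string` cast does not guard against that. A guard before the fetch, for example `const base = process.env.NEXT_PUBLIC_BACKEND_URI;` followed by `if (!base) return { status: 500, message: "Backend URI not configured" };`, would make the misconfiguration explicit; the rest of the function lies outside the hunk, so the return shape should be matched to its error path. With `"use client"` and the `NEXT_PUBLIC_` prefix the value is compiled into the browser bundle, so it may hold only a public base URL. The newsletter endpoint is now called directly from browsers, which means type checking and rate limiting of `email` have to be enforced in the backend route rather than assumed from this caller.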