From 6232cb5f71704d22eb8d3f8fe4bdb86e6229059c Mon Sep 17 00:00:00 2001
From: Yannis Barlas <yannisbarlas@gmail.com>
Date: Mon, 19 Dec 2022 16:29:46 +0200
Subject: [PATCH] feat(server): pass cors config to apollo server

---
 src/app.js        | 13 +++----------
 src/corsConfig.js | 14 ++++++++++++++
 src/graphqlApi.js |  5 ++++-
 3 files changed, 21 insertions(+), 11 deletions(-)
 create mode 100644 src/corsConfig.js

diff --git a/src/app.js b/src/app.js
index b835c89..54fe5ad 100644
--- a/src/app.js
+++ b/src/app.js
@@ -20,6 +20,7 @@ const api = require('pubsweet-server/src/routes/api')
 const index = require('pubsweet-server/src/routes/index')
 
 const healthcheck = require('./healthcheck')
+const createCORSConfig = require('./corsConfig')
 
 const configureApp = app => {
   const models = require('@pubsweet/models')
@@ -61,16 +62,8 @@ const configureApp = app => {
   }
 
   // Allow CORS from client if host / port is different
-  if (config.has('pubsweet-client.url')) {
-    const clientUrl = config.has('clientUrl') && config.get('clientUrl')
-
-    app.use(
-      cors({
-        origin: clientUrl,
-        credentials: true,
-      }),
-    )
-  }
+  const CORSConfig = createCORSConfig()
+  app.use(cors(CORSConfig))
 
   // Register passport authentication strategies
   app.use(passport.initialize())
diff --git a/src/corsConfig.js b/src/corsConfig.js
new file mode 100644
index 0000000..c082321
--- /dev/null
+++ b/src/corsConfig.js
@@ -0,0 +1,14 @@
+const config = require('config')
+
+const createCORSConfig = () => {
+  if (!config.has('pubsweet-client.url')) return null
+
+  const clientUrl = config.has('clientUrl') && config.get('clientUrl')
+
+  return {
+    origin: clientUrl,
+    credentials: true,
+  }
+}
+
+module.exports = createCORSConfig
diff --git a/src/graphqlApi.js b/src/graphqlApi.js
index 58ca13f..879fa12 100644
--- a/src/graphqlApi.js
+++ b/src/graphqlApi.js
@@ -1,6 +1,7 @@
 const { graphqlUploadExpress } = require('graphql-upload')
 
 const createGraphQLServer = require('./graphqlServer')
+const createCORSConfig = require('./corsConfig')
 
 const api = app => {
   app.use(
@@ -13,7 +14,9 @@ const api = app => {
   app.use(graphqlUploadExpress())
 
   const server = createGraphQLServer()
-  server.applyMiddleware({ app })
+  const CORSConfig = createCORSConfig()
+
+  server.applyMiddleware({ app, cors: CORSConfig })
 }
 
 module.exports = api
-- 
GitLab