From b64dd28f2a77cfc689ad8c3a6c139eebf3d16926 Mon Sep 17 00:00:00 2001
From: Yannis Barlas <yannisbarlas@gmail.com>
Date: Mon, 19 Dec 2022 16:31:23 +0200
Subject: [PATCH] fix(server): register cors before static endpoints

---
 src/app.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/app.js b/src/app.js
index 54fe5ad..103cd14 100644
--- a/src/app.js
+++ b/src/app.js
@@ -51,6 +51,11 @@ const configureApp = app => {
   app.use(bodyParser.urlencoded({ extended: false }))
   app.use(cookieParser())
   app.use(helmet())
+
+  // Allow CORS from client if host / port is different
+  const CORSConfig = createCORSConfig()
+  app.use(cors(CORSConfig))
+
   app.use(express.static(path.resolve('.', '_build')))
   app.use(express.static(path.resolve('.', 'static')))
 
@@ -61,10 +66,6 @@ const configureApp = app => {
     )
   }
 
-  // Allow CORS from client if host / port is different
-  const CORSConfig = createCORSConfig()
-  app.use(cors(CORSConfig))
-
   // Register passport authentication strategies
   app.use(passport.initialize())
   const authentication = require('pubsweet-server/src/authentication')
-- 
GitLab