feat(server): cors config to allow client running on a different port

README.md

@@ -65,6 +65,20 @@ cron.schedule('* * * * * *', () => {
 
 The library that enables this is `node-cron`. Be sure to check its [documentation](https://github.com/node-cron/node-cron#node-cron) for further details.
 
+### CORS support for the client
+
+If you run your client on a different host/port than the server, you might run into issues where cross-origin requests are rejected. If that happens, make sure the following entries exist in your config. The server should take care of it once these are defined.
+
+```js
+// replace values with the ones you are using
+{
+  'pubsweet-client': {
+    host: 'http://localhost',
+    port: 4000,
+  }
+}
+```
+
 ### Other exports from included packages
 
 - `createJWT` is an export of a function in `pubsweet-server` that does just that. Useful if you have custom login resolvers.

package.json

@@ -30,6 +30,7 @@
     "body-parser": "^1.19.0",
     "config": "^3.3.1",
     "cookie-parser": "^1.4.5",
+    "cors": "^2.8.5",
     "express": "^4.17.1",
     "helmet": "^3.22.0",
     "http-status-codes": "^1.4.0",

src/app.js

@@ -4,6 +4,7 @@ const path = require('path')
 
 const bodyParser = require('body-parser')
 const config = require('config')
+const cors = require('cors')
 const cookieParser = require('cookie-parser')
 const express = require('express')
 const helmet = require('helmet')
@@ -55,6 +56,16 @@ const configureApp = app => {
     )
   }
 
+  // Allow CORS from client if host / port is different
+  app.use(
+    cors({
+      origin: `${config.get('pubsweet-client.host')}:${config.get(
+        'pubsweet-client.port',
+      )}`,
+      credentials: true,
+    }),
+  )
+
   // Register passport authentication strategies
   app.use(passport.initialize())
   const authentication = require('pubsweet-server/src/authentication')