Setting up development environment, handling CORS policy, etc.

// CORS policy
const customCors = (c: Context) => cors({
    origin: [
        'https://instructor-ai.com',
        'https://www.instructor-ai.com',
        'https://api.instructor-ai.com',
        ...(c.env.ENVIRONMENT === 'development' ? ['http://localhost:5173'] : [])
    ],
    credentials: true,
});

app.use(
    '*',
    async (c, next) => {
        await customCors(c)(c, next);
    }
);

// Cross Site Request Forgery Protection (CSRF)
app.use('*', async (c, next) => {
    // Only apply CSRF protection to non-GET requests.
    if (c.req.method === 'GET') {
        return next();
    }

    // Get the origin and host headers from the request.
    const originHeader = c.req.header('Origin'); // May need to use X-Forwarded Host instead
    const hostHeader = c.req.header('Host');

    // Allow requests from your frontend domain and subdomains.
    const allowedHosts = ['instructor-ai.com', 'api.instructor-ai.com', 'www.instructor-ai.com',
        ...(c.env.ENVIRONMENT === 'development' ? ['http://localhost:5173'] : [])
    ];

// CORS policy
const customCors = (c: Context) => cors({
    origin: [
        'https://instructor-ai.com',
        'https://www.instructor-ai.com',
        'https://api.instructor-ai.com',
        ...(c.env.ENVIRONMENT === 'development' ? ['http://localhost:5173'] : [])
    ],
    credentials: true,
});

app.use(
    '*',
    async (c, next) => {
        await customCors(c)(c, next);
    }
);

// Cross Site Request Forgery Protection (CSRF)
app.use('*', async (c, next) => {
    // Only apply CSRF protection to non-GET requests.
    if (c.req.method === 'GET') {
        return next();
    }

    // Get the origin and host headers from the request.
    const originHeader = c.req.header('Origin'); // May need to use X-Forwarded Host instead
    const hostHeader = c.req.header('Host');

    // Allow requests from your frontend domain and subdomains.
    const allowedHosts = ['instructor-ai.com', 'api.instructor-ai.com', 'www.instructor-ai.com',
        ...(c.env.ENVIRONMENT === 'development' ? ['http://localhost:5173'] : [])
    ];

// CORS policy
const customCors = (c: Context) => cors({
    origin: [
        'https://instructor-ai.com',
        'https://www.instructor-ai.com',
        'https://api.instructor-ai.com',
        ...(c.env.ENVIRONMENT === 'development' ? ['http://localhost:5173'] : [])
    ],
    credentials: true,
});

app.use(
    '*',
    async (c, next) => {
        await customCors(c)(c, next);
    }
);

// Cross Site Request Forgery Protection (CSRF)
app.use('*', async (c, next) => {
    // Only apply CSRF protection to non-GET requests.
    if (c.req.method === 'GET') {
        return next();
    }

    // Get the origin and host headers from the request.
    const originHeader = c.req.header('Origin'); // May need to use X-Forwarded Host instead
    const hostHeader = c.req.header('Host');

    // Allow requests from your frontend domain and subdomains.
    const allowedHosts = ['instructor-ai.com', 'api.instructor-ai.com', 'www.instructor-ai.com',
        ...(c.env.ENVIRONMENT === 'development' ? ['http://localhost:5173'] : [])
    ];

// CORS policy
const customCors = (c: Context) => cors({
    origin: [
        'https://instructor-ai.com',
        'https://www.instructor-ai.com',
        'https://api.instructor-ai.com',
        ...(c.env.ENVIRONMENT === 'development' ? ['http://localhost:5173'] : [])
    ],
    credentials: true,
});

app.use(
    '*',
    async (c, next) => {
        await customCors(c)(c, next);
    }
);

// Cross Site Request Forgery Protection (CSRF)
app.use('*', async (c, next) => {
    // Only apply CSRF protection to non-GET requests.
    if (c.req.method === 'GET') {
        return next();
    }

    // Get the origin and host headers from the request.
    const originHeader = c.req.header('Origin'); // May need to use X-Forwarded Host instead
    const hostHeader = c.req.header('Host');

    // Allow requests from your frontend domain and subdomains.
    const allowedHosts = ['instructor-ai.com', 'api.instructor-ai.com', 'www.instructor-ai.com',
        ...(c.env.ENVIRONMENT === 'development' ? ['http://localhost:5173'] : [])
    ];

Also I'm trying to configure vite to proxy all requests to https;//api.instructor-ai.com/ to localhost:8787 during development, but that's not working either

export default defineConfig({
  plugins: [react()],

  server: {
    proxy: {
      'https://api.instructor-ai.com.*': { 
        target: 'http://localhost:8787',
        changeOrigin: true,
        secure: false
      }
    }
  }
})

export default defineConfig({
  plugins: [react()],

  server: {
    proxy: {
      'https://api.instructor-ai.com.*': { 
        target: 'http://localhost:8787',
        changeOrigin: true,
        secure: false
      }
    }
  }
})

export default defineConfig({
  plugins: [react()],

  server: {
    proxy: {
      'https://api.instructor-ai.com.*': { 
        target: 'http://localhost:8787',
        changeOrigin: true,
        secure: false
      }
    }
  }
})

export default defineConfig({
  plugins: [react()],

  server: {
    proxy: {
      'https://api.instructor-ai.com.*': { 
        target: 'http://localhost:8787',
        changeOrigin: true,
        secure: false
      }
    }
  }
})

Setting up development environment, handling CORS policy, etc.

Similar Threads

Similar Threads

Similar Threads