feat: enable CORS in backoffice with configurable origins

2025-12-27 00:42:57 -03:00 · 2025-12-27 00:42:57 -03:00 · 64d13581df
commit 64d13581df
parent 70d89d1c28
2 changed files with 7 additions and 0 deletions
--- a/backoffice/.env.example
+++ b/backoffice/.env.example
@ -2,3 +2,4 @@ DATABASE_URL=postgresql://user:password@host:port/dbname?schema=public
 JWT_SECRET=dev-secret
 PORT=3000
 API_URL=http://localhost:3000
+CORS_ORIGINS=*
--- a/backoffice/src/main.ts
+++ b/backoffice/src/main.ts
@ -13,6 +13,12 @@ async function bootstrap() {
  );

  const configService = app.get(ConfigService);
+  const corsOrigins = configService.get<string>('CORS_ORIGINS', '*');
+
+  app.enableCors({
+    origin: corsOrigins === '*' ? '*' : corsOrigins.split(','),
+    credentials: true,
+  });

  const cookieOptions: FastifyCookieOptions = {
    parseOptions: {