From b7aa9f934c0a31cc0422e2f76e4e31d0e7752fd5 Mon Sep 17 00:00:00 2001
From: Shirtiny <49592759+Shirtiny@users.noreply.github.com>
Date: Sat, 11 Feb 2023 14:48:50 +0000
Subject: [PATCH] read Access-Control-Allow-Origin from env

---
 server.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server.js b/server.js
index 52b6349..4f66029 100644
--- a/server.js
+++ b/server.js
@@ -133,6 +133,7 @@ async function checkVersion() {
  */
 async function consturctServer(moduleDefs) {
   const app = express()
+  const { CORS_ALLOW_ORIGIN } = process.env
   app.set('trust proxy', true)
 
   /**
@@ -142,7 +143,8 @@ async function consturctServer(moduleDefs) {
     if (req.path !== '/' && !req.path.includes('.')) {
       res.set({
         'Access-Control-Allow-Credentials': true,
-        'Access-Control-Allow-Origin': req.headers.origin || '*',
+        'Access-Control-Allow-Origin':
+          CORS_ALLOW_ORIGIN || req.headers.origin || '*',
         'Access-Control-Allow-Headers': 'X-Requested-With,Content-Type',
         'Access-Control-Allow-Methods': 'PUT,POST,GET,DELETE,OPTIONS',
         'Content-Type': 'application/json; charset=utf-8',