Fix CORS for production websockets

CaptainFact · Nov 1, 2018 · 9221765 · 9221765
1 parent 6945766
commit 9221765
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/apps/captain_fact/config/prod.exs b/apps/captain_fact/config/prod.exs
@@ -9,7 +9,7 @@ config :captain_fact, CaptainFactWeb.Endpoint,
   url: [port: 80],
   http: [port: 80],
   force_ssl: false,
-  check_origin: []
+  check_origin: "ProductionURLShouldGoThere"
 
 # Do not print debug messages in production
 config :logger, level: :info

diff --git a/apps/captain_fact/lib/runtime_configuration.ex b/apps/captain_fact/lib/runtime_configuration.ex
@@ -38,6 +38,10 @@ defmodule CaptainFact.RuntimeConfiguration do
       put_in_oauth_fb([:redirect_uri], fb_redirect_uri)
       put_in_env(:captain_fact, [:frontend_url], url)
       add_url_to_cors(url)
+
+      if Application.get_env(:captain_fact, CaptainFactWeb.Endpoint)[:check_origin] != false do
+        put_in_env(:captain_fact, [CaptainFactWeb.Endpoint, :check_origin], url)
+      end
     end
   )
 
@@ -129,8 +133,6 @@ defmodule CaptainFact.RuntimeConfiguration do
     # Update CORS for websockets
     if new_cors == "*" do
       put_in_env(:captain_fact, [CaptainFactWeb.Endpoint, :check_origin], false)
-    else
-      put_in_env(:captain_fact, [CaptainFactWeb.Endpoint, :check_origin], [new_cors])
     end
   end