From 9221765e87b28817e86f34438ac424280559eec2 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin.piouffle@gmail.com>
Date: Thu, 1 Nov 2018 02:44:03 +0100
Subject: [PATCH] Fix CORS for production websockets

---
 apps/captain_fact/config/prod.exs              | 2 +-
 apps/captain_fact/lib/runtime_configuration.ex | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/apps/captain_fact/config/prod.exs b/apps/captain_fact/config/prod.exs
index 61467b53..7973ff0e 100644
--- a/apps/captain_fact/config/prod.exs
+++ b/apps/captain_fact/config/prod.exs
@@ -9,7 +9,7 @@ config :captain_fact, CaptainFactWeb.Endpoint,
   url: [port: 80],
   http: [port: 80],
   force_ssl: false,
-  check_origin: []
+  check_origin: "ProductionURLShouldGoThere"
 
 # Do not print debug messages in production
 config :logger, level: :info
diff --git a/apps/captain_fact/lib/runtime_configuration.ex b/apps/captain_fact/lib/runtime_configuration.ex
index fe75ca78..1ed3e3dc 100644
--- a/apps/captain_fact/lib/runtime_configuration.ex
+++ b/apps/captain_fact/lib/runtime_configuration.ex
@@ -38,6 +38,10 @@ defmodule CaptainFact.RuntimeConfiguration do
       put_in_oauth_fb([:redirect_uri], fb_redirect_uri)
       put_in_env(:captain_fact, [:frontend_url], url)
       add_url_to_cors(url)
+
+      if Application.get_env(:captain_fact, CaptainFactWeb.Endpoint)[:check_origin] != false do
+        put_in_env(:captain_fact, [CaptainFactWeb.Endpoint, :check_origin], url)
+      end
     end
   )
 
@@ -129,8 +133,6 @@ defmodule CaptainFact.RuntimeConfiguration do
     # Update CORS for websockets
     if new_cors == "*" do
       put_in_env(:captain_fact, [CaptainFactWeb.Endpoint, :check_origin], false)
-    else
-      put_in_env(:captain_fact, [CaptainFactWeb.Endpoint, :check_origin], [new_cors])
     end
   end