From a1541ff137898b2781924706ff6b7964cd5e5fa0 Mon Sep 17 00:00:00 2001
From: pablomendezroyo <mendez4a@gmail.com>
Date: Wed, 31 Jan 2024 17:36:32 +0100
Subject: [PATCH] Allow origin in brain UI

---
 packages/brain/src/index.ts                   |  5 ++++-
 .../brain/src/modules/apiServers/ui/index.ts  | 19 ++++++++++++++++---
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/packages/brain/src/index.ts b/packages/brain/src/index.ts
index d7daf70e..5bb24d82 100644
--- a/packages/brain/src/index.ts
+++ b/packages/brain/src/index.ts
@@ -64,7 +64,10 @@ export const brainDb = new BrainDataBase(
 );
 
 // Start server APIs
-const uiServer = startUiServer(path.resolve(__dirname, params.uiBuildDirName));
+const uiServer = startUiServer(
+  path.resolve(__dirname, params.uiBuildDirName),
+  network
+);
 const launchpadServer = startLaunchpadApi();
 
 await brainDb.initialize(signerApi, validatorApi);
diff --git a/packages/brain/src/modules/apiServers/ui/index.ts b/packages/brain/src/modules/apiServers/ui/index.ts
index 4b23c343..3462472a 100644
--- a/packages/brain/src/modules/apiServers/ui/index.ts
+++ b/packages/brain/src/modules/apiServers/ui/index.ts
@@ -1,4 +1,4 @@
-import { RpcPayload, RpcResponse } from "@stakingbrain/common";
+import { Network, RpcPayload, RpcResponse } from "@stakingbrain/common";
 import cors from "cors";
 import express from "express";
 import path from "path";
@@ -9,7 +9,10 @@ import * as routes from "../../../calls/index.js";
 import http from "http";
 import { params } from "../../../params.js";
 
-export function startUiServer(uiBuildPath: string): http.Server {
+export function startUiServer(
+  uiBuildPath: string,
+  network: Network
+): http.Server {
   const app = express();
   const server = http.createServer(app);
 
@@ -50,7 +53,17 @@ export function startUiServer(uiBuildPath: string): http.Server {
   });
 
   // Express
-  app.use(cors());
+  const allowedOrigins = [
+    "http://my.dappnode",
+    `http://brain.web3signer${
+      network === "mainnet" ? "" : "-" + network
+    }.dappnode`,
+  ];
+  app.use(
+    cors({
+      origin: allowedOrigins,
+    })
+  );
   app.use(express.json());
   app.use(express.static(uiBuildPath));
   app.get("*", (req, res) => {