add

2026-01-14 04:33:21 +00:00 · 2026-01-14 04:33:21 +00:00 · e7ea035a9e
commit e7ea035a9e
parent 563564ee58
2 changed files with 22 additions and 6 deletions
--- a/Backend/src/app.ts
+++ b/Backend/src/app.ts
@ -11,10 +11,25 @@ import { RegisterRoutes } from './routes/routes';
 export function createApp(): Application {
    const app = express();

-    // Security middleware
-    app.use(helmet());
+    // Security middleware - Disable CSP for Swagger UI
+    app.use(helmet({
+        contentSecurityPolicy: false
+    }));
+
+    // CORS - Allow multiple origins
+    const allowedOrigins = config.cors.origin.split(',').map(o => o.trim());
    app.use(cors({
-        origin: config.cors.origin,
+        origin: (origin, callback) => {
+            // Allow requests with no origin (like mobile apps, Postman, curl)
+            if (!origin) return callback(null, true);
+
+            // Check if origin is allowed
+            if (allowedOrigins.includes('*') || allowedOrigins.includes(origin)) {
+                callback(null, true);
+            } else {
+                callback(new Error('Not allowed by CORS'));
+            }
+        },
        credentials: true
    }));