[PR #4430] [MERGED] chore(backend): configure CORS for development and production environments #4795

New issue

Closed

opened 2026-03-17 02:17:52 +03:00 by kerem · 0 comments

kerem commented

2026-03-17 02:17:52 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hoppscotch/hoppscotch/pull/4430
Author: @ZenMachina16
Created: 10/12/2024
Status: ✅ Merged
Merged: 5/14/2025
Merged by: @jamesgeorge007

Base: next ← Head: opensrc_contrib

📝 Commits (2)

3fd6649 Configured CORS for Development and Production
c1e4566 refactor: enableCors function

📊 Changes

1 file changed (+6 additions, -7 deletions)

View changed files

📝 packages/hoppscotch-backend/src/main.ts (+6 -7)

📄 Description

Closes #4199

Introduction

This pull request addresses the issue of identical CORS settings being used in both development and production environments. It refines the logic in the backend to differentiate the CORS configuration based on the environment (development vs. production).

What's changed

Modified CORS settings: Updated the if and else blocks in the file hoppscotch-backend/src/main.ts to ensure the CORS settings are differentiated for development and production.
- In development (if block), more permissive CORS settings are applied for easier testing.
- In production (else block), restricted CORS settings are applied to enhance security.
Code cleanup: Removed redundant code that caused identical settings to be applied for both environments.

Notes to reviewers

The changes maintain backward compatibility by ensuring the development environment retains flexibility while securing the production environment.
Tested locally to ensure proper CORS behavior for both environments.
Let me know if additional changes are needed, or if there are any specific configurations you'd like to refine further!

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hoppscotch/hoppscotch/pull/4430 **Author:** [@ZenMachina16](https://github.com/ZenMachina16) **Created:** 10/12/2024 **Status:** ✅ Merged **Merged:** 5/14/2025 **Merged by:** [@jamesgeorge007](https://github.com/jamesgeorge007) **Base:** `next` ← **Head:** `opensrc_contrib` --- ### 📝 Commits (2) - [`3fd6649`](https://github.com/hoppscotch/hoppscotch/commit/3fd66491cbb8bc60e66ef969af505360153dfbd6) Configured CORS for Development and Production - [`c1e4566`](https://github.com/hoppscotch/hoppscotch/commit/c1e4566e1979d761d05e8fa7837ecc4b5f1db62e) refactor: enableCors function ### 📊 Changes **1 file changed** (+6 additions, -7 deletions) <details> <summary>View changed files</summary> 📝 `packages/hoppscotch-backend/src/main.ts` (+6 -7) </details> ### 📄 Description Closes #4199 ### Introduction This pull request addresses the issue of identical CORS settings being used in both development and production environments. It refines the logic in the backend to differentiate the CORS configuration based on the environment (development vs. production). ### What's changed - [x] **Modified CORS settings**: Updated the `if` and `else` blocks in the file `hoppscotch-backend/src/main.ts` to ensure the CORS settings are differentiated for development and production. - In development (`if` block), more permissive CORS settings are applied for easier testing. - In production (`else` block), restricted CORS settings are applied to enhance security. - [x] **Code cleanup**: Removed redundant code that caused identical settings to be applied for both environments. ### Notes to reviewers - The changes maintain backward compatibility by ensuring the development environment retains flexibility while securing the production environment. - Tested locally to ensure proper CORS behavior for both environments. - Let me know if additional changes are needed, or if there are any specific configurations you'd like to refine further! --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>