Parameterizing allowed origins

Author: RobFaustLZ

package.json

@@ -1,6 +1,6 @@
 {
   "name": "labelzoom-cf-api-proxy",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "private": true,
   "scripts": {
     "deploy": "wrangler deploy",

src/cors.ts

@@ -5,22 +5,15 @@ const corsHeaders = {
 	"Access-Control-Allow-Credentials": "true",
 };
 
-const corsValidOrigins = [
-	'https://labelzoom.net',
-	'https://www.labelzoom.net',
-	'https://api.labelzoom.net',
-	// 'http://localhost:3000',
-];
-
 /**
  * Handle OPTIONS request for CORS
  * @param request 
  * @returns 
  */
-export async function handleOptions(request: Request): Promise<Response> {
+export async function handleOptions(request: Request, env: Env): Promise<Response> {
 	const origin = request.headers.get("Origin") ?? '';
 
-	if (!corsValidOrigins.includes(origin)) {
+	if (!env.LZ_ALLOWED_ORIGINS.includes(origin)) {
 		return new Response(`Origin ${origin} not allowed`, { status: 403 });
 	}
 

src/index.ts

@@ -96,7 +96,7 @@ export default {
 		if (url.pathname.startsWith('/api/')) {
 			if (request.method === "OPTIONS") {
 				// Handle CORS preflight requests
-				return handleOptions(request);
+				return handleOptions(request, env);
 			}
 			if (url.pathname.startsWith('/api/v2/convert/')) {
 				return responseWithAllowOrigin(

worker-configuration.d.ts

@@ -1,6 +1,7 @@
 // Generated by Wrangler
 // After adding bindings to `wrangler.toml`, regenerate this interface via `npm run cf-typegen`
 interface Env {
+    LZ_ALLOWED_ORIGINS: string[];
     LZ_LOG_SAMPLE_RATE: number;
     LZ_PROD_API_BASE_URL: string;
     LZ_PROD_API_SECRET_KEY: string;

wrangler.toml

@@ -23,23 +23,39 @@ cpu_ms = 100
 # Note: Use secrets to store sensitive data.
 # - https://developers.cloudflare.com/workers/configuration/secrets/
 [vars]
+LZ_ALLOWED_ORIGINS = [
+    'https://labelzoom.net',
+	'https://www.labelzoom.net'
+]
 LZ_LOG_SAMPLE_RATE = 1.0
 LZ_PROD_API_BASE_URL = "https://api-backend.labelzoom.net"
 # LZ_PROD_API_SECRET_KEY = <SECRET>
 
 [env.beta.vars]
+LZ_ALLOWED_ORIGINS = [
+    'https://labelzoom.net',
+	'https://www.labelzoom.net'
+]
 LZ_LOG_SAMPLE_RATE = 1.0
 LZ_PROD_API_BASE_URL = "https://api-backend.labelzoom.net"
 [env.beta.limits]
 cpu_ms = 100
 
 [env.public.vars]
+LZ_ALLOWED_ORIGINS = [
+    'https://labelzoom.net',
+	'https://www.labelzoom.net'
+]
 LZ_LOG_SAMPLE_RATE = 0.0
 LZ_PROD_API_BASE_URL = "https://api-backend.labelzoom.net"
 [env.public.limits]
 cpu_ms = 100
 
 [env.eus1.vars]
+LZ_ALLOWED_ORIGINS = [
+    'https://labelzoom.net',
+	'https://www.labelzoom.net'
+]
 LZ_LOG_SAMPLE_RATE = 0.0
 LZ_PROD_API_BASE_URL = "https://prod-api-eus1-backend.labelzoom.net"
 [env.eus1.limits]
@@ -48,7 +64,11 @@ cpu_ms = 100
 # mode = "smart"
 
 [env.eus2.vars]
-LZ_LOG_SAMPLE_RATE = 0.0
+LZ_ALLOWED_ORIGINS = [
+    'https://labelzoom.net',
+	'https://www.labelzoom.net'
+]
+LZ_LOG_SAMPLE_RATE = 0.001
 LZ_PROD_API_BASE_URL = "https://prod-api-eus2-backend.labelzoom.net"
 [env.eus2.limits]
 cpu_ms = 100