Giuliano Silvestro 741692c7d7 Broaden dev CORS to any localhost port
skyai-cloud's Vite dev server hops ports (5173 -> 5174 -> ...) when one
is taken, so a fixed localhost:5173 allowlist breaks the browser's
cross-origin calls. Allow any http://localhost:<port> in dev; the
*.sky-ai.com rule is unchanged for deployed origins.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 18:09:13 +10:00

58 lines
1.7 KiB
Elixir

defmodule ArcadiaCloudWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :arcadia_cloud

  # The session will be stored in the cookie and signed,
  # this means its contents can be read but not tampered with.
  # Set :encryption_salt if you would also like to encrypt it.
  @session_options [
    store: :cookie,
    key: "_arcadia_cloud_key",
    signing_salt: "Ia2pTcnv",
    same_site: "Lax"
  ]

  # socket "/live", Phoenix.LiveView.Socket,
  #   websocket: [connect_info: [session: @session_options]],
  #   longpoll: [connect_info: [session: @session_options]]

  # Serve at "/" the static files from "priv/static" directory.
  #
  # When code reloading is disabled (e.g., in production),
  # the `gzip` option is enabled to serve compressed
  # static files generated by running `phx.digest`.
  plug Plug.Static,
    at: "/",
    from: :arcadia_cloud,
    gzip: not code_reloading?,
    only: ArcadiaCloudWeb.static_paths(),
    raise_on_missing_only: code_reloading?

  # Code reloading can be explicitly enabled under the
  # :code_reloader configuration of your endpoint.
  if code_reloading? do
    plug Phoenix.CodeReloader
    plug Phoenix.Ecto.CheckRepoStatus, otp_app: :arcadia_cloud
  end

  plug Plug.RequestId
  plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]

  plug Plug.Parsers,
    parsers: [:urlencoded, :multipart, :json],
    pass: ["*/*"],
    json_decoder: Phoenix.json_library()

  plug Plug.MethodOverride
  plug Plug.Head
  plug Plug.Session, @session_options

  # CORS origin allowlist. As written, this list is passed to CORSPlug in every
  # environment: nothing in this file limits the localhost rule to dev builds.
  plug CORSPlug,
    origin: [
      # any localhost port — Vite dev servers hop ports when one is taken
      ~r{^http://localhost:\d+$},
      # any https origin whose value ends in .sky-ai.com (the apex sky-ai.com does not match)
      ~r{^https://.*\.sky-ai\.com$}
    ]

  plug ArcadiaCloudWeb.Router
end
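
To see exactly which Origin values the two patterns in the `origin:` list accept, the following added example (not part of the repository) runs them over constructed sample origins. `OriginCheck` and the sample values are assumptions made for illustration; the script uses only `Regex.match?/2` and does not call CORSPlug.

```elixir
# Added example, not project code. OriginCheck is a hypothetical name; it
# applies the endpoint's two patterns with Regex.match?/2 and never calls CORSPlug.
defmodule OriginCheck do
  # Patterns copied from the `origin:` list in the endpoint.
  defp patterns do
    [
      ~r{^http://localhost:\d+$},
      ~r{^https://.*\.sky-ai\.com$}
    ]
  end

  # True when the Origin header value matches at least one pattern.
  def allowed?(origin) when is_binary(origin) do
    Enum.any?(patterns(), &Regex.match?(&1, origin))
  end
end

# Constructed Origin values, each paired with the result the patterns should give.
samples = [
  {"http://localhost:5173", true},
  {"http://localhost:5174", true},                # Vite hopped to the next port
  {"http://localhost", false},                    # no explicit port
  {"https://localhost:5173", false},              # dev rule covers http only
  {"http://127.0.0.1:5173", false},               # loopback IP is not "localhost"
  {"http://localhost:5173.example.test", false},  # $ anchor rejects trailing labels
  {"https://app.sky-ai.com", true},
  {"https://a.b.sky-ai.com", true},               # nested subdomains match
  {"https://sky-ai.com", false},                  # apex has no dot before sky-ai
  {"http://app.sky-ai.com", false},               # deployed rule is https only
  {"https://app.sky-ai.com.example.test", false}, # suffix must end the value
  {"https://example.test/x.sky-ai.com", true}     # .* is not limited to hostname characters
]

for {origin, expected} <- samples do
  actual = OriginCheck.allowed?(origin)
  status = if actual == expected, do: "ok", else: "MISMATCH"
  IO.puts("#{String.pad_trailing(origin, 40)} allowed=#{actual} #{status}")
end

# Fail the script if any sample disagrees with its expected result.
true = Enum.all?(samples, fn {origin, expected} -> OriginCheck.allowed?(origin) == expected end)
```

Run it with `elixir origin_check.exs`. Browsers send `Origin` as scheme, host and optional port only, so the last sample shows how broad `.*` is as a pattern rather than a value a browser would produce.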