asyavee/medusa-store
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

docs: made changes to CORS usage/config (#2784)

Browse Source
This commit is contained in:
Shahed Nasser
2022-12-13 12:32:51 +02:00
committed by GitHub
parent 5fab104b35
commit 76d35a1350
2 changed files with 35 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
docs/content/advanced/backend/endpoints/add.md
View File

@@ -46,14 +46,28 @@ You can also create endpoints that don't reside under these two prefixes, simila
If youre adding a storefront or admin endpoint and you want to access these endpoints from the storefront or Medusa admin, you need to pass your endpoints Cross-Origin Resource Origin (CORS) options using the `cors` package.
First, you need to import your Medusa configurations along with the `cors` library:
First, you need to import the necessary utility functions and types from Medusa's packages with the `cors` library:
```ts
import { getConfigFile, parseCorsOrigins } from "medusa-core-utils"
import { ConfigModule } from "@medusajs/medusa/dist/types/global"
import cors from "cors"
import { projectConfig } from "../../medusa-config"
```
Then, create an object that will hold the Cross-Origin Resource Sharing (CORS) configurations. If its a storefront endpoint, pass the `origin` property storefront options:
Next, in the exported function, retrieve the CORS configurations of your server using the utility functions you imported:
```ts
export default (rootDirectory) => {
//...
const { configModule } = getConfigFile<ConfigModule>(rootDirectory, "medusa-config")
const { projectConfig } = configModule
//....
}
```
Then, create an object that will hold the CORS configurations. If its a storefront endpoint, pass the `origin` property storefront options:
```ts
const corsOptions = {
@@ -71,7 +85,7 @@ const corsOptions = {
}
```
Finally, for each route you add, create an `OPTIONS` request and add `cors` as a middleware for the route:
Finally, for each route you add, create an `OPTIONS` request and add `cors` as a middleware for the route passing it the CORS option:
```ts
router.options("/admin/hello", cors(corsOptions))

21
docs/content/usage/configurations.md
View File

@@ -194,9 +194,22 @@ In a development environment, if this option is not set the default secret is
:::
## Admin CORS
## CORS Configurations
Medusa uses Cross-Origin Resource Sharing (CORS) to only allow specific origins to access the server. To make sure your Admin dashboard can access the Medusa servers admin endpoints, set this configuration:
Medusa uses Cross-Origin Resource Sharing (CORS) to only allow specific origins to access the server.
The Admin and the Storefront have different CORS configurations that must be configured.
### Accepted Patterns
For both of the Admin and the Storefront CORS configurations, the value is expected to be a string. This string can be a comma-separated list of accepted origins. Every origin in that list can be of the following types:
1. The accepted origin as is. For example, `http://localhost:8000`.
2. A regular expression pattern that can match more than one origin. For example, `*.example.com`. The regex pattern that the server tests for is `^([\/~@;%#'])(.*?)\1([gimsuy]*)$`.
### Admin CORS
To make sure your Admin dashboard can access the Medusa servers admin endpoints, set this configuration:
```jsx
module.exports = {
@@ -223,9 +236,9 @@ Make sure that the URL is without a backslash at the end. For example, you shoul
:::
## Storefront CORS
### Storefront CORS
Medusa uses CORS to only allow specific origins to access the server. To make sure your Storefront dashboard can access the Medusa server, set this configuration:
To make sure your Storefront dashboard can access the Medusa server, set this configuration:
```jsx
module.exports = {