diff --git a/docs/content/advanced/backend/endpoints/add.md b/docs/content/advanced/backend/endpoints/add.md index 39738ee6d2..86a204143b 100644 --- a/docs/content/advanced/backend/endpoints/add.md +++ b/docs/content/advanced/backend/endpoints/add.md @@ -46,14 +46,28 @@ You can also create endpoints that don't reside under these two prefixes, simila If you’re adding a storefront or admin endpoint and you want to access these endpoints from the storefront or Medusa admin, you need to pass your endpoints Cross-Origin Resource Origin (CORS) options using the `cors` package. -First, you need to import your Medusa configurations along with the `cors` library: +First, you need to import the necessary utility functions and types from Medusa's packages with the `cors` library: ```ts +import { getConfigFile, parseCorsOrigins } from "medusa-core-utils" +import { ConfigModule } from "@medusajs/medusa/dist/types/global" import cors from "cors" -import { projectConfig } from "../../medusa-config" ``` -Then, create an object that will hold the Cross-Origin Resource Sharing (CORS) configurations. If it’s a storefront endpoint, pass the `origin` property storefront options: +Next, in the exported function, retrieve the CORS configurations of your server using the utility functions you imported: + +```ts +export default (rootDirectory) => { + //... + + const { configModule } = getConfigFile(rootDirectory, "medusa-config") + const { projectConfig } = configModule + + //.... +} +``` + +Then, create an object that will hold the CORS configurations. If it’s a storefront endpoint, pass the `origin` property storefront options: ```ts const corsOptions = { @@ -71,7 +85,7 @@ const corsOptions = { } ``` -Finally, for each route you add, create an `OPTIONS` request and add `cors` as a middleware for the route: +Finally, for each route you add, create an `OPTIONS` request and add `cors` as a middleware for the route passing it the CORS option: ```ts router.options("/admin/hello", cors(corsOptions)) diff --git a/docs/content/usage/configurations.md b/docs/content/usage/configurations.md index b4bdebcce9..5e2d1b59bc 100644 --- a/docs/content/usage/configurations.md +++ b/docs/content/usage/configurations.md @@ -194,9 +194,22 @@ In a development environment, if this option is not set the default secret is ::: -## Admin CORS +## CORS Configurations -Medusa uses Cross-Origin Resource Sharing (CORS) to only allow specific origins to access the server. To make sure your Admin dashboard can access the Medusa server’s admin endpoints, set this configuration: +Medusa uses Cross-Origin Resource Sharing (CORS) to only allow specific origins to access the server. + +The Admin and the Storefront have different CORS configurations that must be configured. + +### Accepted Patterns + +For both of the Admin and the Storefront CORS configurations, the value is expected to be a string. This string can be a comma-separated list of accepted origins. Every origin in that list can be of the following types: + +1. The accepted origin as is. For example, `http://localhost:8000`. +2. A regular expression pattern that can match more than one origin. For example, `*.example.com`. The regex pattern that the server tests for is `^([\/~@;%#'])(.*?)\1([gimsuy]*)$`. + +### Admin CORS + +To make sure your Admin dashboard can access the Medusa server’s admin endpoints, set this configuration: ```jsx module.exports = { @@ -223,9 +236,9 @@ Make sure that the URL is without a backslash at the end. For example, you shoul ::: -## Storefront CORS +### Storefront CORS -Medusa uses CORS to only allow specific origins to access the server. To make sure your Storefront dashboard can access the Medusa server, set this configuration: +To make sure your Storefront dashboard can access the Medusa server, set this configuration: ```jsx module.exports = {