Refactor CORS configuration to allow all origins and remove ALLOWED_ORIGINS…

Refactor CORS configuration to allow all origins and remove ALLOWED_ORIGINS environment variable from backend configurations in .gitlab-ci.yml and docker-compose.yml. Update ECS task definition to eliminate ALLOWED_ORIGINS entry for improved security and simplicity.

.gitlab-ci.yml

@@ -70,7 +70,6 @@ deploy_backend_staging:
     app_pg_db_user: postgres
     app_pg_db_pass: $v_app_pg_db_pass
     app_pg_db_host: "database-1.cluaoqcku0pd.ap-south-1.rds.amazonaws.com"
-    allowed_origins: ${ALLOWED_ORIGINS:-https://spin-wheel-frontend-staging.dev.kacdn.net}
     ecs_task_definition: ${ecs_task_definition_backend}
     ecs_definition: ${ecs_task_definition_backend}
     ecs_entrypoint: app:5000

backend/src/index.ts

@@ -11,30 +11,9 @@ dotenv.config()
 const app = express()
 const PORT = process.env.PORT || 5000
 
-// CORS configuration - allow dynamic frontend URL
+// CORS configuration - allow all origins
 const corsOptions = {
-  origin: function (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) {
-    // Allow requests with no origin (like mobile apps or curl requests)
-    if (!origin) return callback(null, true)
-    
-    // Get allowed origins from environment variable or use default
-    const allowedOrigins = process.env.ALLOWED_ORIGINS 
-      ? process.env.ALLOWED_ORIGINS.split(',').map(o => o.trim())
-      : ['http://localhost:3000', 'http://localhost:5173']
-    
-    // Check if origin is allowed
-    if (allowedOrigins.includes(origin) || allowedOrigins.includes('*')) {
-      callback(null, true)
-    } else {
-      // For production, you might want to be more strict
-      // For development, allow all origins
-      if (process.env.NODE_ENV === 'development') {
-        callback(null, true)
-      } else {
-        callback(new Error('Not allowed by CORS'))
-      }
-    }
-  },
+  origin: true, // Allow all origins
   credentials: true,
   optionsSuccessStatus: 200
 }

config/ecs-task-definition-backend.json

@@ -28,8 +28,7 @@
         { "name": "DB_PORT", "value": "5432" },
         { "name": "DB_USERNAME", "value": "{{app_pg_db_user}}" },
         { "name": "DB_PASSWORD", "value": "{{app_pg_db_pass}}" },
-        { "name": "DB_DATABASE", "value": "{{app_pg_db_name}}" },
-        { "name": "ALLOWED_ORIGINS", "value": "{{allowed_origins}}" }
+        { "name": "DB_DATABASE", "value": "{{app_pg_db_name}}" }
       ],
       "logConfiguration": {
         "logDriver": "awslogs",

docker-compose.yml

@@ -12,7 +12,6 @@ services:
       - NODE_ENV=production
       - PORT=5000
       - DATABASE_URL=${DATABASE_URL}
-      - ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-*}
     restart: unless-stopped
     networks:
       - spin-wheel-network