feat(cors): whitelisting is configurable through .env variables

api/.env.example

@@ -1,10 +1,10 @@
 MODE=[desktop|server] default considered as desktop
-CORS=[disable|enable] default considered as disable
+CORS=[disable|enable] default considered as disable for server MODE & enable for desktop MODE
+WHITELIST=<space separated urls, each starting with 'http'>
 PROTOCOL=[http|https] default considered as http
 PRIVATE_KEY=privkey.pem
 FULL_CHAIN=fullchain.pem
 PORT=[5000] default value is 5000
-PORT_WEB=[port for sasjs web component(react)] default value is 3000
 ACCESS_TOKEN_SECRET=<secret>
 REFRESH_TOKEN_SECRET=<secret>
 AUTH_CODE_SECRET=<secret>

api/src/app.ts

@@ -16,13 +16,14 @@ dotenv.config()
 
 const app = express()
 
-const { MODE, CORS, PORT_WEB } = process.env
-const whiteList = [
-  `http://localhost:${PORT_WEB ?? 3000}`,
-  'https://sas.analytium.co.uk:8343'
-]
+const { MODE, CORS, WHITELIST } = process.env
 
 if (MODE?.trim() !== 'server' || CORS?.trim() === 'enable') {
+  const whiteList: string[] = []
+  WHITELIST?.split(' ')?.forEach((url) => {
+    if (url.startsWith('http')) whiteList.push(url)
+  })
+
   console.log('All CORS Requests are enabled')
   app.use(cors({ credentials: true, origin: whiteList }))
 }