diff --git a/src/app.ts b/src/app.ts
index bdd67a0..dd75170 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -50,15 +50,29 @@ const allowedOrigins = Array.from(
 app.use(
 cors({
 origin: function (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) {
- if (!origin || allowedOrigins.includes(origin)) {
- callback(null, true);
- } else {
- callback(new Error('Not allowed by CORS'));
+ // Allow requests with no origin (like mobile apps or curl requests)
+ if (!origin) {
+ return callback(null, true);
 }
+
+ // Check if origin is in allowed list
+ if (allowedOrigins.includes(origin)) {
+ return callback(null, true);
+ }
+
+ // For development, allow all localhost origins
+ if (process.env.NODE_ENV !== 'production' && origin.includes('localhost')) {
+ return callback(null, true);
+ }
+
+ // Log blocked origins for debugging
+ console.log('Blocked origin:', origin);
+ callback(new Error('Not allowed by CORS'));
 },
 credentials: true,
- methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH'],
- allowedHeaders: ['Content-Type', 'Authorization', 'Cookie']
+ methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+ allowedHeaders: ['Content-Type', 'Authorization', 'Cookie', 'X-Requested-With'],
+ exposedHeaders: ['Set-Cookie']
 })
 );
diff --git a/src/controllers/user.controller.ts b/src/controllers/user.controller.ts
index b904b5b..8144795 100644
--- a/src/controllers/user.controller.ts
+++ b/src/controllers/user.controller.ts
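Review bot: The development fallback `origin.includes('localhost')` is a substring match, so an origin such as `https://localhost.attacker.example` (any hostname containing "localhost") passes it, and because `credentials: true` is set on this same cors() call the browser will then send the user's cookies cross-site to that origin; the branch also fires whenever NODE_ENV is merely unset, which is the usual state of a misconfigured deployment. Parse the origin and compare the hostname exactly, and gate the shortcut on an explicit development value rather than on "not production". Separately, `exposedHeaders: ['Set-Cookie']` is a no-op — Set-Cookie is a forbidden response header that browsers never expose to scripts regardless of Access-Control-Expose-Headers — so drop the line rather than let it suggest the frontend can read the cookie. The blocked-origin `console.log` echoes a client-controlled header into logs; acceptable for debugging, but route it through the app's logger if one exists.
```typescript
      // Development only: allow loopback origins, matched on the exact hostname
      if (process.env.NODE_ENV === 'development') {
        try {
          const { hostname } = new URL(origin);
          if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '[::1]') {
            return callback(null, true);
          }
        } catch {
          // malformed Origin header: fall through and reject
        }
      }
      // … unchanged: log and reject …
```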
@@ -242,18 +242,18 @@ export const loginUser = catchAsync(async (req: Request, res: Response, next: Ne
 export const logoutUser = catchAsync(async (req: Request, res: Response, next: NextFunction) => {
 res.cookie('access_token', '', {
- domain: '.vercel.app',
- secure: true,
- sameSite: 'none',
+ secure: process.env.NODE_ENV === 'production',
+ sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
 httpOnly: true,
- maxAge: 1
+ maxAge: 1,
+ path: '/'
 });
 res.cookie('refresh_token', '', {
- domain: '.vercel.app',
- secure: true,
- sameSite: 'none',
+ secure: process.env.NODE_ENV === 'production',
+ sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
 httpOnly: true,
- maxAge: 1
+ maxAge: 1,
+ path: '/'
 });
 const userId = req.user?._id || '';
diff --git a/src/utils/jwt.ts b/src/utils/jwt.ts
index 8d5c5ef..30802a8 100644
--- a/src/utils/jwt.ts
+++ b/src/utils/jwt.ts
@@ -9,6 +9,7 @@ interface ITokenOptions {
 sameSite: 'lax' | 'strict' | 'none' | boolean;
 secure?: boolean;
 path?: string;
+ domain?: string;
 }
 const isProd = process.env.NODE_ENV === 'production';
@@ -23,8 +24,8 @@ export const accessTokenOptions: ITokenOptions = {
 httpOnly: true,
 secure: isProd,
 path: '/',
- sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax'
- // secure: process.env.NODE_ENV === 'production',
+ sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
+ domain: process.env.NODE_ENV === 'production' ? undefined : undefined // Let browser set domain automatically
 };
 export const refreshTokenOptions: ITokenOptions = {
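Review bot: The two clearing cookies here re-derive `secure`/`sameSite`/`path` from NODE_ENV as literals instead of reusing `accessTokenOptions` and `refreshTokenOptions` from src/utils/jwt.ts; a browser only replaces a cookie when name, Domain and Path match the one set at login, so any future divergence between these copies and the login options silently leaves the session cookie in place after logout. Prefer `res.cookie('access_token', '', { ...accessTokenOptions, maxAge: 1 });` and `res.cookie('refresh_token', '', { ...refreshTokenOptions, maxAge: 1 });` (importing the two objects if this controller does not already) so the attributes cannot drift. Removing `domain: '.vercel.app'` looks right — vercel.app is, to my knowledge, on the Public Suffix List, so browsers would have refused a cookie scoped to it and the old clear likely never worked — but a one-line comment such as `// host-only cookie: must match the attributes used in sendToken` would record the intent. logoutUser's body continues past the end of this hunk.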
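Review bot: `domain: process.env.NODE_ENV === 'production' ? undefined : undefined` yields `undefined` on both branches, so the conditional is dead code that reads like an unfinished decision; since `domain` is optional on ITokenOptions, delete the property or state the intent plainly as `domain: undefined, // host-only cookie: never shared with sibling subdomains`. Omitting Domain is the safer default (the browser scopes the cookie to the exact API host), and that is what the comment should say rather than "Let browser set domain automatically". Under `exactOptionalPropertyTypes` an explicit `undefined` would also fail to type-check against `domain?: string`, which is one more reason to drop the line. The same object already has `isProd` in scope (defined two hunks up), so `sameSite: isProd ? 'none' : 'lax'` would be consistent with the `secure: isProd` line beside it. The accessTokenOptions object opens on the hunk header line, outside this hunk.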
@@ -33,7 +34,8 @@ export const refreshTokenOptions: ITokenOptions = {
 httpOnly: true,
 secure: isProd,
 path: '/',
- sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax'
+ sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
+ domain: process.env.NODE_ENV === 'production' ? undefined : undefined // Let browser set domain automatically
 };
 export const sendToken = (user: UserT, statusCode: number, res: Response) => {
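Review bot: This hunk repeats for refreshTokenOptions the always-`undefined` `domain` ternary and the verbatim `httpOnly`/`secure`/`path`/`sameSite` settings of accessTokenOptions, and the logout handler in src/controllers/user.controller.ts now carries a third copy of the same attributes. Factor the shared part into one object, e.g. `const baseCookieOptions: Pick<ITokenOptions, 'httpOnly' | 'secure' | 'path' | 'sameSite'> = { httpOnly: true, secure: isProd, path: '/', sameSite: isProd ? 'none' : 'lax' };` and build each token's options as `{ ...baseCookieOptions, /* token-specific fields */ }`, so a later hardening change (a path-scoped refresh cookie, or `sameSite: 'strict'`) is made in one place and cannot leave logout out of sync. `sameSite: 'none'` is only accepted by browsers together with `Secure`; `isProd` guarantees that pairing today, and a comment like `// 'none' requires secure: true — both keyed on isProd on purpose` would keep someone from decoupling them. The refreshTokenOptions object opens on the hunk header line, outside this hunk.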