Feature: Add CORS configuration documentation and validation #82

@Smartdevs17

Problem

CORS is enabled via cors() in api/src/app.ts with default settings (allows all origins). No documentation on how to restrict origins for production.

Context

Allowing all origins in production is a security risk. Production should only allow specific frontend domains.

Proposed Solution

  1. Make CORS origins configurable via env var
  2. Default to restrictive in production
  3. Document CORS configuration in README

Acceptance Criteria

  • CORS origins configurable via ALLOWED_ORIGINS env var
  • Default: allow all in development, restrict in production
  • Documentation updated
  • Tests verify CORS headers

Technical Notes

  • File: api/src/app.ts (CORS setup)

Constraints

  • Must support multiple origins (comma-separated list)

Labels

  • Stellar Wave: Issues in the Stellar wave program
  • api: REST API component
  • easy: Difficulty: Easy
  • enhancement: New feature or request

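One way to meet the acceptance criteria above, as an added example that is not part of the issue or the project's code. The function names, the fail-fast validation of each entry, and treating an empty ALLOWED_ORIGINS in production as "no cross-origin access" are assumptions; the `origin` callback shape is the one the `cors` package accepts.

```typescript
// Added example, not the project's code. Wiring (assumes the `cors` package):
//   app.use(cors(buildCorsOptions(process.env)));
type Env = Record<string, string | undefined>;
type OriginCallback = (err: Error | null, allow?: boolean) => void;

// An origin is scheme://host[:port]: no path, no wildcard, no "null".
// (This simple pattern does not accept IPv6 literals.)
const ORIGIN_RE = /^https?:\/\/[a-z0-9.-]+(:\d{1,5})?$/i;

// Parse the comma-separated ALLOWED_ORIGINS value; fail fast on a bad entry
// so a typo stops startup instead of silently changing the allowlist.
function parseAllowedOrigins(raw: string | undefined): string[] {
  const entries = (raw ?? "")
    .split(",")
    .map((s) => s.trim())
    .filter((s) => s.length > 0);
  for (const entry of entries) {
    if (!ORIGIN_RE.test(entry)) {
      throw new Error(`ALLOWED_ORIGINS: invalid origin "${entry}"`);
    }
  }
  return entries.map((s) => s.toLowerCase());
}

// Returns the per-request decision function.
// Development with no list configured: allow every origin.
// Assumption: in production an empty list means no cross-origin access.
function makeOriginCheck(env: Env): (origin: string | undefined) => boolean {
  const allowed = new Set(parseAllowedOrigins(env.ALLOWED_ORIGINS));
  const allowAll = env.NODE_ENV !== "production" && allowed.size === 0;
  return (origin) =>
    origin !== undefined && (allowAll || allowed.has(origin.toLowerCase()));
}

// Options object with `origin` as a callback. A denied origin gets no
// Access-Control-Allow-Origin header, so the browser blocks the response.
function buildCorsOptions(env: Env) {
  const check = makeOriginCheck(env);
  return {
    origin: (origin: string | undefined, cb: OriginCallback): void =>
      cb(null, check(origin)),
  };
}
```

Requests without an `Origin` header (same-origin or non-browser clients) are still served; they just receive no CORS headers.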