Can't configure Express cors to work with peer server

[Ib-R]

I'm having an issue:

• I have peer server running with express, CORS middleware and it works with all routes except the peer server.
• Running peer version "0.5.3"
• Nodejs version "12.14.1"
• The platform "Windows 10"
• This is how the server code look

const corsOptions = {
	origin: "https://mydomain.com",
	optionsSuccessStatus: 200,
};

const peerServer = ExpressPeerServer(httpsServer, {
	debug: true,
	path: "/",
});

app.use(cors(corsOptions));
app.use("/", peerServer);

app.get('/test', (req, res, next) => {
	res.json({hello: 123});
})

httpsServer.listen(port);

• I get no error messages, just the CORS header is set to "*" which is the default

I have a suggestion:

• It would be a good idea if there's a way to configure the CORS for the peer server
• I tried to edit the index.js file inside (peer/dist/src/api) and added the CORS options and it did work

exports.Api = ({ config, realm, messageHandler }) => {
    const authMiddleware = new auth_1.AuthMiddleware(config, realm);
    const app = express_1.default.Router();
    const jsonParser = body_parser_1.default.json();
    app.use(cors_1.default({
	origin: "https://mydomain.com",
	optionsSuccessStatus: 200,
}));
    app.get("/", (_, res) => {
        res.send(app_json_1.default);
    });
    app.use("/:key", public_1.default({ config, realm }));
    app.use("/:key/:id/:token", authMiddleware.handle, jsonParser, calls_1.default({ realm, messageHandler }));
    return app;
};

[sunshinecool]

Can you elaborate on your frontend, app server and peerjs server setup? If you want to enable your domain to call the peerjs server, you need to enable CORS on your app server as well.

[Ib-R]

I'm trying to enable CORS on my server so no one can access it but my own front-end app and the configuration works as expected only the peer signaling doesn't respect it.

[sunshinecool]

I would suggest adding authentication to your app instead of using cors, its easy to fake the origin header to seem like your frontend is sending requests. But this is a legit usecase, I wonder where the cors rules is enforced in express, if it happens before routing the requests (in app) this should have worked, but doesn't seem to be the case. Maybe worth looking at express codebase. I am just shooting in the dark at this point.

[Ib-R]

@sunshinecool thnx for your response, am just trying to add extra layer of security and as u can see in my code snippet the CORS does work for any route actually but the peer library override it that's the problem

[afrokick]

As @xenoterracide suggested in #221, we can add --cors flag, will it works?

[xenoterracide]

and of course then add that to the docker container...

[github-actions]

🎉 This issue has been resolved in version 1.0.0-rc.10 🎉

The release is available on:

• npm package (@rc dist-tag)
• GitHub release
• v1.0.0-rc.10

Your semantic-release bot 📦🚀

[jonasgloning]

You can now pass your corsOptions object with the corsOptions property of the config object.

const peerServer = ExpressPeerServer(httpsServer, {
	debug: true,
	path: "/",
        corsOptions
});

[github-actions]

🎉 This issue has been resolved in version 1.0.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release
• v1.0.0

Your semantic-release bot 📦🚀