-2

package.json

··· 22 22 "@atproto/syntax": "^0.3.0", 23 23 "@atproto/xrpc-server": "0.5.4-rc.0", 24 24 "better-sqlite3": "^11.1.2", 25 25 - "cors": "^2.8.5", 26 25 "dotenv": "^16.4.5", 27 26 "envalid": "^8.0.0", 28 27 "express": "^4.19.2", ··· 39 38 "devDependencies": { 40 39 "@atproto/lex-cli": "^0.4.1", 41 40 "@types/better-sqlite3": "^7.6.11", 42 42 - "@types/cors": "^2.8.17", 43 41 "@types/express": "^4.17.21", 44 42 "pino-pretty": "^11.0.0", 45 43 "rimraf": "^5.0.0",

-1

src/env.ts

··· 13 13 PUBLIC_URL: str({}), 14 14 DB_PATH: str({ devDefault: ':memory:' }), 15 15 COOKIE_SECRET: str({ devDefault: '00000000000000000000000000000000' }), 16 16 - CORS_ORIGIN: str({ devDefault: testOnly('http://localhost:3000') }), 17 16 COMMON_RATE_LIMIT_MAX_REQUESTS: num({ devDefault: testOnly(1000) }), 18 17 COMMON_RATE_LIMIT_WINDOW_MS: num({ devDefault: testOnly(1000) }), 19 18 })

-2

src/server.ts

··· 1 1 import events from 'node:events' 2 2 import type http from 'node:http' 3 3 - import cors from 'cors' 4 3 import express, { type Express } from 'express' 5 4 import helmet from 'helmet' 6 5 import { pino } from 'pino' ··· 51 50 // Middlewares 52 51 app.use(express.json()) 53 52 app.use(express.urlencoded({ extended: true })) 54 54 - app.use(cors({ origin: env.CORS_ORIGIN, credentials: true })) 55 53 app.use( 56 54 helmet({ 57 55 contentSecurityPolicy: {