From 7d7c18a7afa3b04fcae5587f585ed94f68862ae4 Mon Sep 17 00:00:00 2001
From: Jaco Koster <jaco.koster@gmail.com>
Date: Fri, 14 Jul 2023 15:37:21 +0200
Subject: [PATCH] Fix: CORS logging issue #1576

---
 .../src/views/security/Settings.js            |  2 +-
 src/cors.ts                                   | 23 ++++---------------
 2 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/packages/server-admin-ui/src/views/security/Settings.js b/packages/server-admin-ui/src/views/security/Settings.js
index a428ae36e..df317666f 100644
--- a/packages/server-admin-ui/src/views/security/Settings.js
+++ b/packages/server-admin-ui/src/views/security/Settings.js
@@ -215,7 +215,7 @@ class Settings extends Component {
                           by configuring allowed CORS origins below. The host
                           where this page is loaded from is automatically
                           included in the allowed CORS origins so that the Admin
-                          UI continues to work.
+                          UI continues to work. Changes to the Allowed CORS origins requires a server restart.
                         </Label>
                       </Col>
                     </FormGroup>{' '}
diff --git a/src/cors.ts b/src/cors.ts
index 27c261201..587e4df92 100644
--- a/src/cors.ts
+++ b/src/cors.ts
@@ -1,11 +1,8 @@
 import { IRouter } from 'express'
 import { createDebug } from './debug'
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-import { ACL, Device, SecurityConfig } from './security'
+import { SecurityConfig } from './security'
 import cors, { CorsOptions } from 'cors'
 
-type OriginCallback = (err: Error | null, origin?: string) => void
-
 export function setupCors(
   app: IRouter,
   { allowedCorsOrigins }: SecurityConfig
@@ -18,23 +15,11 @@ export function setupCors(
         .map((s: string) => s.trim().replace(/\/*$/, ''))
     : []
   corsDebug(`corsOrigins:${corsOrigins.toString()}`)
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
   const corsOptions: CorsOptions = {
-    credentials: true
-  }
-  if (corsOrigins.length) {
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    corsOptions.origin = (origin: string | undefined, cb: OriginCallback) => {
-      if (origin === undefined || corsOrigins.indexOf(origin) >= 0) {
-        corsDebug(`${origin} OK`)
-        cb(null, origin)
-      } else {
-        const errorMsg = `${origin} not allowed`
-        corsDebug(errorMsg)
-        cb(new Error(errorMsg))
-      }
-    }
+    credentials: true,
+    origin: allowedCorsOrigins
   }
+
   app.use(cors(corsOptions))
 }