From c9c7402606f11ae0b161b3d6d28f618b2430511b Mon Sep 17 00:00:00 2001
From: Vaibhav Tupe <tech.intern@myriadcara.com>
Date: Tue, 24 Feb 2026 11:29:04 +0530
Subject: [PATCH] change cors error

---
 src/server.js | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/src/server.js b/src/server.js
index 486484a..d05fd56 100644
--- a/src/server.js
+++ b/src/server.js
@@ -1,6 +1,6 @@
 require('dotenv').config();
-// import uploadRoutes from "./routes/upload.routes"; 
-const uploadRoutes = require("./routes/upload.routes");
+// import uploadRoutes from "./routes/upload.routes";
+const uploadRoutes = require('./routes/upload.routes');
 
 const express = require('express');
 const cors = require('cors');
@@ -25,14 +25,22 @@ app.use(
   })
 );
 
-// CORS configuration
+// CORS configuration (ONLY from .env)
+const allowedOrigins = process.env.CORS_ORIGIN
+  ? process.env.CORS_ORIGIN.split(',').map(origin => origin.trim())
+  : [];
+
 const corsOptions = {
-  origin: process.env.CORS_ORIGIN?.split(',') || [
-    'http://localhost:3000',
-    'http://localhost:3001',
-    'http://localhost:5173',
-    'http://localhost:5174',
-  ],
+  origin: function (origin, callback) {
+    // Allow requests with no origin (like Postman, mobile apps)
+    if (!origin) return callback(null, true);
+
+    if (allowedOrigins.includes(origin)) {
+      callback(null, true);
+    } else {
+      callback(new Error('Not allowed by CORS'));
+    }
+  },
   credentials: true,
   methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
   allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
@@ -66,15 +74,14 @@ app.use('/api/users', require('./routes/users'));
 app.use('/api/products', require('./routes/products'));
 app.use('/api/orders', require('./routes/orders'));
 app.use('/api/wardrobe', require('./routes/wardrobe'));
-app.use('/api/delivery',  require('./routes/deliveryRoutes'));
+app.use('/api/delivery', require('./routes/deliveryRoutes'));
 app.use('/api/coupons', require('./routes/couponRoutes'));
 app.use('/api/admin', require('./routes/admin'));
 
 app.use('/api/admin/reports', require('./routes/reports'));
 app.use('/api/payments', require('./routes/paymentRoutes'));
 // Upload route
-app.use("/api", uploadRoutes);
-
+app.use('/api', uploadRoutes);
 
 // Root endpoint
 app.get('/', (req, res) => {