Enable CORS for frontend origin https://idweb3.sliplane.app

[Copilot]

Configures CORS middleware to allow the frontend at https://idweb3.sliplane.app to access the backend API.

Changes

• CORS middleware (backend/src/server.js): Configured with cors package using CORS_ORIGIN environment variable (defaults to https://idweb3.sliplane.app)
• Allowed headers: Content-Type, Authorization, X-Requested-With
• Preflight handling: OPTIONS requests return 204 via app.options('*', cors(corsOptions))
• Credentials: Enabled for cookie/auth support

const FRONTEND_ORIGIN = process.env.CORS_ORIGIN || 'https://idweb3.sliplane.app';
const corsOptions = {
  origin: FRONTEND_ORIGIN,
  methods: ['GET','HEAD','PUT','PATCH','POST','DELETE','OPTIONS'],
  allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
  credentials: true
};

app.use(cors(corsOptions));
app.options('*', cors(corsOptions));

Deployment

1. cd backend && npm install
2. Deploy to Sliplane
3. Verify: curl -i https://idweb3-y8qpxt.sliplane.app/health should include Access-Control-Allow-Origin: https://idweb3.sliplane.app

Optionally set CORS_ORIGIN env var in Sliplane (already defaults correctly).

Original prompt

Enable CORS in the backend API to allow the frontend origin https://idweb3.sliplane.app to access the API. Changes to make:

1. Add or confirm 'cors' package in backend/package.json dependencies.
2. Modify the backend server entry file to use the cors middleware and to explicitly set Access-Control-Allow-Origin to the frontend domain. The middleware should also handle OPTIONS preflight requests and allow common headers (Content-Type, Authorization, X-Requested-With) and credentials if necessary.

Implementation details:

• Detect the backend entry file by searching for app.listen(...) in backend/ and modify that file (likely backend/src/server.js) to require('cors') and insert the middleware after app initialization and before routes.
• Use an environment variable CORS_ORIGIN (fallback default to 'https://idweb3.sliplane.app').
• Add app.options('*', cors(corsOptions)); and a small middleware to set headers and handle OPTIONS returning 204.

Files to change or create:

• Create branch: copilot/enable-cors-backend
• Update backend/package.json to ensure "cors": "^2.8.5" is present in dependencies (preserve existing dependencies).
• Update backend/src/server.js (or detected entry file) with cors usage as described.

PR description (include instructions):

• Title: Enable CORS on idweb3-api backend to allow frontend origin
• Body: explain changes, how to install deps (cd backend && npm install), redeploy, verify with curl -i https://idweb3-y8qpxt.sliplane.app/health expecting Access-Control-Allow-Origin header, and recommend setting CORS_ORIGIN env var in Sliplane.

Do NOT include any secrets.

This pull request was created as a result of the following prompt from Copilot chat.

Enable CORS in the backend API to allow the frontend origin https://idweb3.sliplane.app to access the API. Changes to make:

1. Add or confirm 'cors' package in backend/package.json dependencies.
2. Modify the backend server entry file to use the cors middleware and to explicitly set Access-Control-Allow-Origin to the frontend domain. The middleware should also handle OPTIONS preflight requests and allow common headers (Content-Type, Authorization, X-Requested-With) and credentials if necessary.

Implementation details:

• Detect the backend entry file by searching for app.listen(...) in backend/ and modify that file (likely backend/src/server.js) to require('cors') and insert the middleware after app initialization and before routes.
• Use an environment variable CORS_ORIGIN (fallback default to 'https://idweb3.sliplane.app').
• Add app.options('*', cors(corsOptions)); and a small middleware to set headers and handle OPTIONS returning 204.

Files to change or create:

• Create branch: copilot/enable-cors-backend
• Update backend/package.json to ensure "cors": "^2.8.5" is present in dependencies (preserve existing dependencies).
• Update backend/src/server.js (or detected entry file) with cors usage as described.

PR description (include instructions):

• Title: Enable CORS on idweb3-api backend to allow frontend origin
• Body: explain changes, how to install deps (cd backend && npm install), redeploy, verify with curl -i https://idweb3-y8qpxt.sliplane.app/health expecting Access-Control-Allow-Origin header, and recommend setting CORS_ORIGIN env var in Sliplane.

Do NOT include any secrets.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}