From fa22b070b56d2e72de2c445bbc6fdd9e6b114bea Mon Sep 17 00:00:00 2001
From: unenglishable <unenglishable@gmail.com>
Date: Wed, 19 Feb 2025 14:05:42 -0800
Subject: [PATCH] feat(endpoint): pass checking function to corsica origins

this valid_origin? takes origins config from env and uses
Corsica.allowed_origin? to check if the incoming request is valid
---
 lib/epochtalk_server_web/endpoint.ex | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/epochtalk_server_web/endpoint.ex b/lib/epochtalk_server_web/endpoint.ex
index 28cb052a..d340adea 100644
--- a/lib/epochtalk_server_web/endpoint.ex
+++ b/lib/epochtalk_server_web/endpoint.ex
@@ -6,14 +6,19 @@ defmodule EpochtalkServerWeb.Endpoint do
   plug RemoteIp
 
   # cors configuration
-  corsica_config = Application.get_env(:epochtalk_server, :corsica)
   plug Corsica,
-    origins: corsica_config.origins,
+    origins: {__MODULE__, :valid_origin?, []},
     allow_headers: :all,
     allow_credentials: false,
     allow_private_network: true,
     expose_headers: ["epoch-viewer", "api-key", "x-api-key"]
 
+  def valid_origin?(conn, _origin) do
+    origins = Application.get_env(:epochtalk_server, :corsica).origins
+    options = %Corsica.Options{origins: origins}
+    Corsica.allowed_origin?(conn, options)
+  end
+
   socket "/socket", EpochtalkServerWeb.UserSocket,
     websocket: true,
     longpoll: false