From b8583717356f4042007133aec2b3d46ae8ea3f31 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Bellet
Date: Thu, 29 Dec 2022 15:17:55 +0100
Subject: [PATCH] Be more specific on allowed request origins by adding `OFN_URL` + add same configuration for production
---
 config/environments/production.rb | 3 +++
 config/environments/staging.rb | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/config/environments/production.rb b/config/environments/production.rb
index a097aefd29..6fde13c85e 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -48,6 +48,9 @@ Openfoodnetwork::Application.configure do
 reconnect_attempts: 1
 }
 
+ config.action_cable.url = "#{ENV['OFN_URL']}/cable"
+ config.action_cable.allowed_request_origins = [/http:\/\/#{ENV['OFN_URL']}\/*/, /https:\/\/#{ENV['OFN_URL']}\/*/]
+
 # Enable serving of images, stylesheets, and JavaScripts from an asset server
 # config.action_controller.asset_host = "http://assets.example.com"
 
diff --git a/config/environments/staging.rb b/config/environments/staging.rb
index 1c665325a0..6fde13c85e 100644
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@@ -49,7 +49,7 @@ Openfoodnetwork::Application.configure do
 }
 
 config.action_cable.url = "#{ENV['OFN_URL']}/cable"
- config.action_cable.allowed_request_origins = [/http:\/\/*/, /https:\/\/*/]
+ config.action_cable.allowed_request_origins = [/http:\/\/#{ENV['OFN_URL']}\/*/, /https:\/\/#{ENV['OFN_URL']}\/*/]
 
 # Enable serving of images, stylesheets, and JavaScripts from an asset server
 # config.action_controller.asset_host = "http://assets.example.com"
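Review bot: The two origin patterns added in config/environments/production.rb (and the identical replacement line in the staging.rb hunk) are unanchored and interpolate `ENV['OFN_URL']` unescaped, so they still accept more origins than the configured host. Action Cable checks each entry against the Origin header with `===`, which for a Regexp is a substring match; because the trailing `\/*` also matches zero slashes, an origin whose host merely begins with the configured name passes, the dots in the host match any character, and an unset `OFN_URL` collapses the pattern to one that matches every http/https origin. Exact strings remove all three problems: `config.action_cable.allowed_request_origins = ["https://#{ENV.fetch('OFN_URL')}", "http://#{ENV.fetch('OFN_URL')}"]`, or, if a regex is preferred, `/\Ahttps?:\/\/#{Regexp.escape(ENV.fetch('OFN_URL'))}\z/`. It is also worth deciding whether plain `http://` origins should be accepted in production at all.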