From c98d15a92033bf7dba3b8b958a2d247c599151cb Mon Sep 17 00:00:00 2001
From: Marshall Quander <marshall@quander.me>
Date: Thu, 2 Aug 2018 17:59:37 -0700
Subject: [PATCH] Make WDS CORS settings correct

---
 package-lock.json | 10 ++++++++++
 package.json      |  1 +
 webpack.config.js |  4 +++-
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/package-lock.json b/package-lock.json
index c820be135..3bb72be05 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3206,6 +3206,16 @@
       "resolved": "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz",
       "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
     },
+    "cors": {
+      "version": "2.8.4",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.4.tgz",
+      "integrity": "sha1-K9OB8usgECAQXNUOpZ2mMJBpRoY=",
+      "dev": true,
+      "requires": {
+        "object-assign": "^4",
+        "vary": "^1"
+      }
+    },
     "cosmiconfig": {
       "version": "5.0.5",
       "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-5.0.5.tgz",
diff --git a/package.json b/package.json
index 2846d03be..20ced69ea 100644
--- a/package.json
+++ b/package.json
@@ -69,6 +69,7 @@
     "babel-preset-env": "^1.6.1",
     "babel-preset-react": "^6.24.1",
     "copy-webpack-plugin": "^4.5.1",
+    "cors": "^2.8.4",
     "css-loader": "^1.0.0",
     "dotenv": "^5.0.1",
     "eslint": "^5.2.0",
diff --git a/webpack.config.js b/webpack.config.js
index b8f961ac4..4ca201bb9 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -7,6 +7,7 @@ const fs = require("fs");
 const path = require("path");
 const selfsigned = require("selfsigned");
 const webpack = require("webpack");
+const cors = require("cors");
 const HTMLWebpackPlugin = require("html-webpack-plugin");
 const ExtractTextPlugin = require("extract-text-webpack-plugin");
 const CopyWebpackPlugin = require("copy-webpack-plugin");
@@ -76,8 +77,9 @@ module.exports = (env, argv) => ({
     host: "0.0.0.0",
     useLocalIp: true,
     allowedHosts: ["hubs.local"],
-    headers: { "Access-Control-Allow-Origin": "hubs.local" },
     before: function(app) {
+      // be flexible with people accessing via a local reticulum on another port
+      app.use(cors({ origin: /hubs\.local(:\d*)?$/ }));
       // networked-aframe makes HEAD requests to the server for time syncing. Respond with an empty body.
       app.head("*", function(req, res, next) {
         if (req.method === "HEAD") {
-- 
GitLab