✨ feat(cors): add cross-app communication bundle

Add includeAllManaApps option to enable all ManaCore apps to communicate with each other without manually listing each app's domains. **Changes:** - Added MANACORE_STAGING_ORIGINS, MANACORE_PRODUCTION_ORIGINS, and MANACORE_ALL_APP_ORIGINS constants - Added includeAllManaApps flag to CorsConfigOptions interface - Updated createCorsConfig() and createCorsConfigWithCallback() to support the new flag - Updated mana-core-auth to use includeAllManaApps: true (auth needs to be accessible by all apps) - Updated documentation with usage examples and decision matrix **Benefits:** - One-line configuration enables cross-app communication - Automatically stays in sync as new apps are added - No need to manually update CORS_ORIGINS for each app - Works in both staging and production environments 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-14 20:21:09 +02:00 · 2025-12-17 17:57:06 +01:00 · 2025-12-17 17:57:06 +01:00 · 3504172e60
commit 3504172e60
parent 4c44764838
6 changed files with 283 additions and 12 deletions
--- a/services/mana-core-auth/package.json
+++ b/services/mana-core-auth/package.json
@ -23,6 +23,7 @@
 	"dependencies": {
 		"@getbrevo/brevo": "^3.0.1",
 		"@google/generative-ai": "^0.24.1",
+		"@manacore/shared-nestjs-cors": "workspace:*",
 		"@nestjs/common": "^10.4.15",
 		"@nestjs/config": "^3.3.0",
 		"@nestjs/core": "^10.4.15",
--- a/services/mana-core-auth/src/main.ts
+++ b/services/mana-core-auth/src/main.ts
@ -3,6 +3,7 @@ import { ValidationPipe } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
 import helmet from 'helmet';
 import cookieParser from 'cookie-parser';
+import { createCorsConfig } from '@manacore/shared-nestjs-cors';
 import { AppModule } from './app.module';

 async function bootstrap() {
@ -19,15 +20,17 @@ async function bootstrap() {
 	);
 	app.use(cookieParser());

-	// CORS configuration
-	const corsOrigins = configService.get<string[]>('cors.origin') || [];
-	console.log('📋 CORS Origins configured:', corsOrigins);
-	app.enableCors({
-		origin: corsOrigins,
-		credentials: true,
-		methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
-		allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With', 'X-App-Id'],
-	});
+	// CORS configuration with cross-app communication
+	// Auth service needs to be accessible by ALL ManaCore apps
+	const corsOriginsEnv = configService.get<string>('cors.origin');
+	console.log('📋 CORS Origins from env:', corsOriginsEnv);
+	app.enableCors(
+		createCorsConfig({
+			corsOriginsEnv,
+			includeAllManaApps: true, // 🎯 Enable all ManaCore apps to authenticate
+			additionalOrigins: [], // Keep X-App-Id support for custom headers
+		})
+	);

 	// Global validation pipe
 	app.useGlobalPipes(