temp disable cors

infrastructure/main.tf

@@ -54,7 +54,7 @@ resource "aws_ecs_task_definition" "app" {
         }
       ],
       environment = [
-        { "name" : "BACKEND_URL", "value" : "http://${aws_lb.app.dns_name}/api" },
+        { "name" : "REACT_APP_BACKEND_URL", "value" : "http://${aws_lb.app.dns_name}/api" },
         { "name" : "TEST_ENV", "value" : "12345" },
       ],
       // TODO: add env vars
@@ -81,6 +81,10 @@ resource "aws_ecs_task_definition" "app" {
         }
       ],
       environment = [
+        // TODO: we may end up needing to have two env vars here, one for the
+        // alb url (for cors), and one for the redirect (the actual domain name)
+        // - Right now we're just using `FRONTEND_URL` in the same places in
+        //   the backend
         { "name" : "FRONTEND_URL", "value" : "http://${aws_lb.app.dns_name}/" },
         { "name" : "ATLAS_URI", "value" : var.atlas_uri },
         { "name" : "COOKIE_SECRET", "value" : var.cookie_secret },

server/src/config/createExpressApp.ts

@@ -37,7 +37,13 @@ const createExpressApp = (sessionStore: MongoStore): express.Express => {
     }),
   );
   // Gives express the ability accept origins outside its own to accept requests from
-  app.use(cors({ credentials: true, origin: FRONTEND_URL }));
+  // app.use(cors({ credentials: true, origin: FRONTEND_URL }));
+  app.use(
+    cors({
+      origin: '*',
+      credentials: false,
+    }),
+  );
   // Gives express the ability to parse client cookies and add them to req.cookies
   app.use(cookieParser(process.env.COOKIE_SECRET));