From 56d78a11198a0d244bd131a8b9386b247212c5a1 Mon Sep 17 00:00:00 2001
From: Mrugesh Mohapatra <me@raisedadead.com>
Date: Thu, 15 Aug 2019 14:42:30 +0530
Subject: [PATCH] fix(server,client): CORS is a real nightmare

---
 api-server/server/middlewares/constant-headers.js | 5 ++++-
 client/src/utils/ajax.js                          | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/api-server/server/middlewares/constant-headers.js b/api-server/server/middlewares/constant-headers.js
index 7677bba84c..bca08ce7b1 100644
--- a/api-server/server/middlewares/constant-headers.js
+++ b/api-server/server/middlewares/constant-headers.js
@@ -1,6 +1,9 @@
+import { homeLocation } from '../../../config/env';
+
 export default function constantHeaders() {
   return function(req, res, next) {
-    res.header('Access-Control-Allow-Origin', '*');
+    res.header('Access-Control-Allow-Origin', homeLocation);
+    res.header('Access-Control-Allow-Credentials', true);
     res.header(
       'Access-Control-Allow-Headers',
       'Origin, X-Requested-With, Content-Type, Accept'
diff --git a/client/src/utils/ajax.js b/client/src/utils/ajax.js
index 77d8bfbbc5..87e8173a32 100644
--- a/client/src/utils/ajax.js
+++ b/client/src/utils/ajax.js
@@ -1,6 +1,7 @@
 import axios from 'axios';
 
 const base = '/internal';
+axios.defaults.withCredentials = true;
 
 function get(path) {
   return axios.get(`${base}${path}`);