From 7bd2fe4a4fd2d3c73155642d19a2a0063f38c13e Mon Sep 17 00:00:00 2001
From: Justin Reynolds
Date: Tue, 1 Sep 2020 19:30:16 -0500
Subject: [PATCH] Allow setting cookies from other origins
---
 @app/server/src/middleware/installSession.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/@app/server/src/middleware/installSession.ts b/@app/server/src/middleware/installSession.ts
index e41188d3..8de332a1 100644
--- a/@app/server/src/middleware/installSession.ts
+++ b/@app/server/src/middleware/installSession.ts
@@ -75,7 +75,15 @@ export default (app: Express) => {
 * different authentication method such as bearer tokens.
 */
 const wrappedSessionMiddleware: RequestHandler = (req, res, next) => {
- if (req.isSameOrigin) {
+ const origins = [];
+ if (process.env.SESSION_ALLOWED_ORIGINS) {
+ origins.push(
+ ...(process.env.SESSION_ALLOWED_ORIGINS?.replace(/s\s/g, "").split(
+ ","
+ ) || [])
+ );
+ }
+ if (req.isSameOrigin || origins.includes(req.get("Origin") || "")) {
 sessionMiddleware(req, res, next);
 } else {
 next();
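Review bot: The allowlist parsing in the added lines has two defects that change which requests are given the cookie session. The pattern `/s\s/g` looks like a typo for `/\s/g`: as written it removes only an `s` followed by whitespace, so in a value like `a, b` the second entry keeps its leading space and never matches. Separately, a trailing or doubled comma in `SESSION_ALLOWED_ORIGINS` leaves an empty string in `origins`, and the `req.get("Origin") || ""` fallback then lets a request with no Origin header pass the check, so the gate fails open. I would parse with `const origins = (process.env.SESSION_ALLOWED_ORIGINS ?? "").split(",").map((o) => o.trim()).filter(Boolean);` and test `const origin = req.get("Origin");` followed by `if (req.isSameOrigin || (origin !== undefined && origins.includes(origin))) {`. The parse can also be hoisted out of the per-request handler, whose body continues outside the hunk.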