From bfc8a64c445a4cb9c860333bdf9fde666436a537 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Wed, 16 Mar 2022 16:35:45 +0800
Subject: [PATCH] refactor(console): add dev origin to allowed CORS domain in
 OIDC (#397)

---
 packages/core/src/oidc/init.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/core/src/oidc/init.ts b/packages/core/src/oidc/init.ts
index b97c0c819..0710eeb3a 100644
--- a/packages/core/src/oidc/init.ts
+++ b/packages/core/src/oidc/init.ts
@@ -91,7 +91,9 @@ export default async function initOidc(app: Koa): Promise<Provider> {
     clientBasedCORS: (_, origin) => {
       console.log('origin', origin);
 
-      return origin.startsWith('http://localhost:3001');
+      return ['http://localhost:3001', 'https://logto.dev'].some((value) =>
+        origin.startsWith(value)
+      );
     },
     findAccount: async (ctx, sub) => {
       await findUserById(sub);