From 0eb44072190f21cdad1ce65499a86486a7d026ab Mon Sep 17 00:00:00 2001
From: Jeff Emmett <46964190+Jeff-Emmett@users.noreply.github.com>
Date: Sat, 7 Dec 2024 13:15:38 -0500
Subject: [PATCH] fix worker deployment

---
 .gitignore               |  1 +
 src/components/Board.tsx |  2 +-
 worker/worker.ts         | 29 +++++++++++++++++++----------
 3 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/.gitignore b/.gitignore
index 46f7caa..efa4db0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -180,6 +180,7 @@ dist
 
 # Environment variables
 .env*
+.env.development
 !.env.example
 .vercel
 
diff --git a/src/components/Board.tsx b/src/components/Board.tsx
index b584ae8..9d2f9ee 100644
--- a/src/components/Board.tsx
+++ b/src/components/Board.tsx
@@ -27,7 +27,7 @@ import { useCameraControls } from '@/hooks/useCameraControls'
 import { zoomToSelection } from '../ui-overrides'
 
 //const WORKER_URL = `https://jeffemmett-canvas.jeffemmett.workers.dev`
-export const WORKER_URL = 'https://jeffemmett-canvas.jeffemmett.workers.dev';
+export const WORKER_URL = import.meta.env.VITE_TLDRAW_WORKER_URL || 'https://jeffemmett-canvas.jeffemmett.workers.dev';
 
 const shapeUtils = [ChatBoxShape, VideoChatShape, EmbedShape]
 const tools = [ChatBoxTool, VideoChatTool, EmbedTool]; // Array of tools
diff --git a/worker/worker.ts b/worker/worker.ts
index b99b8ca..4acdcf2 100644
--- a/worker/worker.ts
+++ b/worker/worker.ts
@@ -21,7 +21,11 @@ const securityHeaders = {
 // we're hosting the worker separately to the client. you should restrict this to your own domain.
 const { preflight, corsify } = cors({
 	origin: (origin) => {
-		if (!origin) return undefined
+		const allowedOrigins = [
+			'https://jeffemmett.com',
+			'https://www.jeffemmett.com',
+			'https://jeffemmett-canvas.jeffemmett.workers.dev'
+		];
 
 		const allowedPatterns = [
 			// Localhost with any port
@@ -41,14 +45,20 @@ const { preflight, corsify } = cors({
 			/^https:\/\/jeffemmett-canvas\.jeffemmett\.workers\.dev$/
 		]
 
-		// Check if origin matches any of our patterns
-		const isAllowed = allowedPatterns.some(pattern =>
-			pattern instanceof RegExp
-				? pattern.test(origin)
-				: pattern === origin
-		)
 
-		return isAllowed ? origin : undefined
+		if (!origin) return undefined;
+
+		// Check exact matches first
+		if (allowedOrigins.includes(origin)) {
+			return origin;
+		}
+
+		// Then check patterns
+		if (allowedPatterns.some(pattern => pattern.test(origin))) {
+			return origin;
+		}
+
+		return undefined;
 	},
 	allowMethods: ['GET', 'POST', 'OPTIONS', 'UPGRADE'],
 	allowHeaders: [
@@ -59,8 +69,7 @@ const { preflight, corsify } = cors({
 		'Sec-WebSocket-Key',
 		'Sec-WebSocket-Version',
 		'Sec-WebSocket-Extensions',
-		'Sec-WebSocket-Protocol',
-		...Object.keys(securityHeaders)
+		'Sec-WebSocket-Protocol'
 	],
 	maxAge: 86400,
 })