From 78c22ab7c2d43e063d933a61f0ce33a0620f588c Mon Sep 17 00:00:00 2001
From: dimitar
Date: Tue, 1 Apr 2025 00:34:04 +0200
Subject: [PATCH] further CORS tweaks
---
 backend/.env | 2 +-
 backend/src/app.module.ts | 42 +++++++++++++++++++++++--------
 backend/src/config/cors.config.ts | 17 +++++++++++++
 backend/src/main.ts | 28 ++-------------------
 4 files changed, 52 insertions(+), 37 deletions(-)
 create mode 100644 backend/src/config/cors.config.ts
diff --git a/backend/.env b/backend/.env
index 5b7df95..163531f 100644
--- a/backend/.env
+++ b/backend/.env
@@ -23,7 +23,7 @@ SMTP_USER=mailer@imk.mk
 SMTP_PASS=76Avtostoperski76
 SMTP_FROM=mailer@imk.mk
 # FRONTEND_URL=https://imk.mk
-EMAIL_FROM=mailer@yandex.com
+EMAIL_FROM=mailer@imk.mk
 ADMIN_EMAIL=taratur@gmail.com
diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts
index 7d5a4e8..1ae83b3 100644
--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@@ -2,7 +2,6 @@ import { MiddlewareConsumer, Module, NestModule } from "@nestjs/common";
 import { AppController } from "./app.controller";
 import { AppService } from "./app.service";
 import { AuthModule } from "./auth/auth.module";
-//import { TypeOrmModule } from '@nestjs/typeorm';
 import { AdminModule } from "./admin/admin.module";
 import { ClientModule } from "./client/client.module";
 import { UploadService } from "./upload/upload.service";
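Review bot: `backend/.env` is tracked in the repository, and the context lines of its hunk show a populated `SMTP_PASS` beside `SMTP_USER`, so the mail account's password is readable by anyone who can read the history. The credential should be rotated, the file taken out of version control (`git rm --cached backend/.env` plus a `.gitignore` entry), and a placeholder-only `.env.example` committed in its place. Deleting the file in a later commit leaves the value in earlier commits, so rotation is the step that actually closes the exposure.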
@@ -12,12 +11,14 @@ import { S3Module } from "./s3/s3.module";
 import { PrismaService } from "./prisma/prisma.service";
 import { PrismaModule } from "./prisma/prisma.module";
 import { ConfigModule } from "@nestjs/config";
+import { ConfigService } from "@nestjs/config";
 import { AuthController } from "./auth/auth.controller";
 import { DocumentsController } from "./documents/documents.controller";
 import { JwtModule } from "@nestjs/jwt";
 import { EmailModule } from "./email/email.module";
 import { InitModule } from "./init/init.module";
 import { HealthController } from "./health/health.controller";
+import { corsConfig } from "./config/cors.config";
 @Module({
 imports: [
@@ -51,19 +52,40 @@ import { HealthController } from "./health/health.controller";
 ],
 })
 export class AppModule implements NestModule {
+ constructor(private readonly configService: ConfigService) {}
 configure(consumer: MiddlewareConsumer) {
+ const allowedOrigins = [
+ "http://localhost:5173",
+ "https://www.placebo.mk",
+ "https://placebo.mk",
+ "https://imkapi.oblak.solutions",
+ ];
+
 consumer
 .apply((req, res, next) => {
- res.setHeader("Access-Control-Allow-Origin", req.headers.origin);
+ const origin = req.headers.origin;
+ if (req.method === "OPTIONS") {
+ if (origin && corsConfig.origin.includes(origin)) {
+ res.header("Access-Control-Allow-Origin", origin);
+ }
+ res.header("Access-Control-Allow-Credentials", "true");
+ res.header(
+ "Access-Control-Allow-Methods",
+ corsConfig.methods.join(", "),
+ );
+ res.header(
+ "Access-Control-Allow-Headers",
+ corsConfig.allowedHeaders.join(", "),
+ );
+ res.header("Access-Control-Max-Age", "86400");
+ res.status(204).end();
+ return;
+ }
+
+ if (origin && corsConfig.origin.includes(origin)) {
+ res.header("Access-Control-Allow-Origin", origin);
+ }
 res.header("Access-Control-Allow-Credentials", "true");
- res.header(
- "Access-Control-Allow-Headers",
- "Origin, X-Requested-With, Content-Type, Accept",
- );
- res.header(
- "Access-Control-Allow-Methods",
- "GET, POST, PUT, DELETE, OPTIONS",
- );
 next();
 })
 .forRoutes("*");
diff --git a/backend/src/config/cors.config.ts b/backend/src/config/cors.config.ts
new file mode 100644
index 0000000..2e5caf8
--- /dev/null
+++ b/backend/src/config/cors.config.ts
@@ -0,0 +1,17 @@
+export const corsConfig = {
+ origin: [
+ "http://localhost:5173",
+ "https://www.placebo.mk",
+ "https://placebo.mk",
+ "https://imkapi.oblak.solutions",
+ ],
+ methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"],
+ credentials: true,
+ allowedHeaders: [
+ "Origin",
+ "X-Requested-With",
+ "Content-Type",
+ "Accept",
+ "Authorization",
+ ],
+};
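Review bot: `Access-Control-Allow-Credentials: true` is still written for every request, in both the OPTIONS branch and the fall-through path, even when `origin` is not in `corsConfig.origin`, and neither path marks the response as varying by `Origin` although the allow-origin value now depends on the request. Emitting the credentials header only inside the allow-list check and adding `Vary: Origin` keeps a shared cache from replaying one origin's CORS headers to another. The local `allowedOrigins` array and the injected `configService` are unused in the visible lines; the array in particular is a second copy of the list that can drift from `corsConfig.origin`. Because main.ts also calls `app.enableCors(corsConfig)`, this middleware probably duplicates that handling and may be removable altogether; `configure()` closes outside the hunk.

```typescript
      .apply((req, res, next) => {
        const origin = req.headers.origin;
        // The CORS headers below depend on the request's Origin.
        res.vary("Origin");
        if (origin && corsConfig.origin.includes(origin)) {
          res.header("Access-Control-Allow-Origin", origin);
          res.header("Access-Control-Allow-Credentials", "true");
        }
        if (req.method === "OPTIONS") {
          // … unchanged: Allow-Methods, Allow-Headers, Max-Age …
          res.status(204).end();
          return;
        }
        next();
      })
```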
diff --git a/backend/src/main.ts b/backend/src/main.ts
index 723bd7b..ec1c382 100644
--- a/backend/src/main.ts
+++ b/backend/src/main.ts
@@ -3,6 +3,7 @@ import { NestFactory } from "@nestjs/core";
 import { AppModule } from "./app.module";
 // import { CorsOptions } from '@nestjs/common/interfaces/external/cors-options.interface';
 import helmet from "helmet";
+import { corsConfig } from "./config/cors.config";
 async function bootstrap() {
 const logger = new Logger("Bootstrap");
@@ -15,32 +16,7 @@ async function bootstrap() {
 });
 // Enable CORS
- app.enableCors({
- origin: [
- "https://www.placebo.mk",
- "https://placebo.mk",
- "http://localhost:5173",
- "https://imkapi.oblak.solutions",
- ],
- methods: "GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS",
- credentials: true,
- allowedHeaders: [
- "Origin",
- "X-Requested-With",
- "Content-Type",
- "Accept",
- "Authorization",
- "Access-Control-Allow-Headers",
- "Access-Control-Allow-Origin",
- "Access-Control-Allow-Credentials",
- ],
- exposedHeaders: [
- "Access-Control-Allow-Origin",
- "Access-Control-Allow-Credentials",
- ],
- preflightContinue: false,
- optionsSuccessStatus: 204,
- });
+ app.enableCors(corsConfig);
 // Global pipes
 app.useGlobalPipes(