dimitar/imkFinal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

further CORS tweaks

Browse Source
This commit is contained in:
dimitar 2025-04-01 00:34:04 +02:00
parent 96cf5968eb
commit 78c22ab7c2
4 changed files with 52 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/.env
View File

@ -23,7 +23,7 @@ SMTP_USER=mailer@imk.mk
SMTP_PASS=76Avtostoperski76 SMTP_PASS=76Avtostoperski76
SMTP_FROM=mailer@imk.mk SMTP_FROM=mailer@imk.mk
# FRONTEND_URL=https://imk.mk # FRONTEND_URL=https://imk.mk
EMAIL_FROM=mailer@yandex.com EMAIL_FROM=mailer@imk.mk
ADMIN_EMAIL=taratur@gmail.com ADMIN_EMAIL=taratur@gmail.com

42
backend/src/app.module.ts
View File

@ -2,7 +2,6 @@ import { MiddlewareConsumer, Module, NestModule } from "@nestjs/common";
import { AppController } from "./app.controller"; import { AppController } from "./app.controller";
import { AppService } from "./app.service"; import { AppService } from "./app.service";
import { AuthModule } from "./auth/auth.module"; import { AuthModule } from "./auth/auth.module";
//import { TypeOrmModule } from '@nestjs/typeorm';
import { AdminModule } from "./admin/admin.module"; import { AdminModule } from "./admin/admin.module";
import { ClientModule } from "./client/client.module"; import { ClientModule } from "./client/client.module";
import { UploadService } from "./upload/upload.service"; import { UploadService } from "./upload/upload.service";
@ -12,12 +11,14 @@ import { S3Module } from "./s3/s3.module";
import { PrismaService } from "./prisma/prisma.service"; import { PrismaService } from "./prisma/prisma.service";
import { PrismaModule } from "./prisma/prisma.module"; import { PrismaModule } from "./prisma/prisma.module";
import { ConfigModule } from "@nestjs/config"; import { ConfigModule } from "@nestjs/config";
import { ConfigService } from "@nestjs/config";
import { AuthController } from "./auth/auth.controller"; import { AuthController } from "./auth/auth.controller";
import { DocumentsController } from "./documents/documents.controller"; import { DocumentsController } from "./documents/documents.controller";
import { JwtModule } from "@nestjs/jwt"; import { JwtModule } from "@nestjs/jwt";
import { EmailModule } from "./email/email.module"; import { EmailModule } from "./email/email.module";
import { InitModule } from "./init/init.module"; import { InitModule } from "./init/init.module";
import { HealthController } from "./health/health.controller"; import { HealthController } from "./health/health.controller";
import { corsConfig } from "./config/cors.config";
@Module({ @Module({
imports: [ imports: [
@ -51,19 +52,40 @@ import { HealthController } from "./health/health.controller";
], ],
}) })
export class AppModule implements NestModule { export class AppModule implements NestModule {
constructor(private readonly configService: ConfigService) {}
configure(consumer: MiddlewareConsumer) { configure(consumer: MiddlewareConsumer) {
const allowedOrigins = [
"http://localhost:5173",
"https://www.placebo.mk",
"https://placebo.mk",
"https://imkapi.oblak.solutions",
];
consumer consumer
.apply((req, res, next) => { .apply((req, res, next) => {
res.setHeader("Access-Control-Allow-Origin", req.headers.origin); const origin = req.headers.origin;
if (req.method === "OPTIONS") {
if (origin && corsConfig.origin.includes(origin)) {
res.header("Access-Control-Allow-Origin", origin);
}
res.header("Access-Control-Allow-Credentials", "true");
res.header(
"Access-Control-Allow-Methods",
corsConfig.methods.join(", "),
);
res.header(
"Access-Control-Allow-Headers",
corsConfig.allowedHeaders.join(", "),
);
res.header("Access-Control-Max-Age", "86400");
res.status(204).end();
return;
}
if (origin && corsConfig.origin.includes(origin)) {
res.header("Access-Control-Allow-Origin", origin);
}
res.header("Access-Control-Allow-Credentials", "true"); res.header("Access-Control-Allow-Credentials", "true");
res.header(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept",
);
res.header(
"Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS",
);
next(); next();
}) })
.forRoutes("*"); .forRoutes("*");

17
backend/src/config/cors.config.ts Normal file
View File

@ -0,0 +1,17 @@
export const corsConfig = {
origin: [
"http://localhost:5173",
"https://www.placebo.mk",
"https://placebo.mk",
"https://imkapi.oblak.solutions",
],
methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"],
credentials: true,
allowedHeaders: [
"Origin",
"X-Requested-With",
"Content-Type",
"Accept",
"Authorization",
],
};

28
backend/src/main.ts
View File

@ -3,6 +3,7 @@ import { NestFactory } from "@nestjs/core";
import { AppModule } from "./app.module"; import { AppModule } from "./app.module";
// import { CorsOptions } from '@nestjs/common/interfaces/external/cors-options.interface'; // import { CorsOptions } from '@nestjs/common/interfaces/external/cors-options.interface';
import helmet from "helmet"; import helmet from "helmet";
import { corsConfig } from "./config/cors.config";
async function bootstrap() { async function bootstrap() {
const logger = new Logger("Bootstrap"); const logger = new Logger("Bootstrap");
@ -15,32 +16,7 @@ async function bootstrap() {
}); });
// Enable CORS // Enable CORS
app.enableCors({ app.enableCors(corsConfig);
origin: [
"https://www.placebo.mk",
"https://placebo.mk",
"http://localhost:5173",
"https://imkapi.oblak.solutions",
],
methods: "GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS",
credentials: true,
allowedHeaders: [
"Origin",
"X-Requested-With",
"Content-Type",
"Accept",
"Authorization",
"Access-Control-Allow-Headers",
"Access-Control-Allow-Origin",
"Access-Control-Allow-Credentials",
],
exposedHeaders: [
"Access-Control-Allow-Origin",
"Access-Control-Allow-Credentials",
],
preflightContinue: false,
optionsSuccessStatus: 204,
});
// Global pipes // Global pipes
app.useGlobalPipes( app.useGlobalPipes(