further CORS tweaks
parent
96cf5968eb
commit
78c22ab7c2
@ -23,7 +23,7 @@ SMTP_USER=mailer@imk.mk
|
||||
SMTP_PASS=76Avtostoperski76
|
||||
SMTP_FROM=mailer@imk.mk
|
||||
# FRONTEND_URL=https://imk.mk
|
||||
EMAIL_FROM=mailer@yandex.com
|
||||
EMAIL_FROM=mailer@imk.mk
|
||||
|
||||
ADMIN_EMAIL=taratur@gmail.com
|
||||
|
||||
|
||||
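Review bot: This environment file (its path is not shown on the page) is tracked in the repository with a real-looking `SMTP_PASS` value and mailbox addresses in the hunk's context lines, so anyone who can read the repo or its history holds the mail credentials. Rotate the password, take the file out of version control and list it in `.gitignore`, and commit a template with placeholders such as `SMTP_PASS=<set-in-deployment>` instead. Deleting the line in a later commit does not retract the value from earlier ones, so rotation is the step that matters.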
@ -2,7 +2,6 @@ import { MiddlewareConsumer, Module, NestModule } from "@nestjs/common";
|
||||
import { AppController } from "./app.controller";
|
||||
import { AppService } from "./app.service";
|
||||
import { AuthModule } from "./auth/auth.module";
|
||||
//import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
import { AdminModule } from "./admin/admin.module";
|
||||
import { ClientModule } from "./client/client.module";
|
||||
import { UploadService } from "./upload/upload.service";
|
||||
@ -12,12 +11,14 @@ import { S3Module } from "./s3/s3.module";
|
||||
import { PrismaService } from "./prisma/prisma.service";
|
||||
import { PrismaModule } from "./prisma/prisma.module";
|
||||
import { ConfigModule } from "@nestjs/config";
|
||||
import { ConfigService } from "@nestjs/config";
|
||||
import { AuthController } from "./auth/auth.controller";
|
||||
import { DocumentsController } from "./documents/documents.controller";
|
||||
import { JwtModule } from "@nestjs/jwt";
|
||||
import { EmailModule } from "./email/email.module";
|
||||
import { InitModule } from "./init/init.module";
|
||||
import { HealthController } from "./health/health.controller";
|
||||
import { corsConfig } from "./config/cors.config";
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
@ -51,19 +52,40 @@ import { HealthController } from "./health/health.controller";
|
||||
],
|
||||
})
|
||||
export class AppModule implements NestModule {
|
||||
constructor(private readonly configService: ConfigService) {}
|
||||
configure(consumer: MiddlewareConsumer) {
|
||||
const allowedOrigins = [
|
||||
"http://localhost:5173",
|
||||
"https://www.placebo.mk",
|
||||
"https://placebo.mk",
|
||||
"https://imkapi.oblak.solutions",
|
||||
];
|
||||
|
||||
consumer
|
||||
.apply((req, res, next) => {
|
||||
res.setHeader("Access-Control-Allow-Origin", req.headers.origin);
|
||||
const origin = req.headers.origin;
|
||||
if (req.method === "OPTIONS") {
|
||||
if (origin && corsConfig.origin.includes(origin)) {
|
||||
res.header("Access-Control-Allow-Origin", origin);
|
||||
}
|
||||
res.header("Access-Control-Allow-Credentials", "true");
|
||||
res.header(
|
||||
"Access-Control-Allow-Headers",
|
||||
"Origin, X-Requested-With, Content-Type, Accept",
|
||||
"Access-Control-Allow-Methods",
|
||||
corsConfig.methods.join(", "),
|
||||
);
|
||||
res.header(
|
||||
"Access-Control-Allow-Methods",
|
||||
"GET, POST, PUT, DELETE, OPTIONS",
|
||||
"Access-Control-Allow-Headers",
|
||||
corsConfig.allowedHeaders.join(", "),
|
||||
);
|
||||
res.header("Access-Control-Max-Age", "86400");
|
||||
res.status(204).end();
|
||||
return;
|
||||
}
|
||||
|
||||
if (origin && corsConfig.origin.includes(origin)) {
|
||||
res.header("Access-Control-Allow-Origin", origin);
|
||||
}
|
||||
res.header("Access-Control-Allow-Credentials", "true");
|
||||
next();
|
||||
})
|
||||
.forRoutes("*");
|
||||
|
||||
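Review bot: The middleware in `configure()` echoes an allow-listed `Origin` but never sets `Vary: Origin`, so a shared cache or CDN in front of the API could replay a response carrying one origin's `Access-Control-Allow-Origin` to a different origin; add `res.header("Vary", "Origin");` beside both places the origin is reflected. `Access-Control-Allow-Credentials: true` is also sent on every response, including for origins not in `corsConfig.origin`; moving it inside the two `if (origin && corsConfig.origin.includes(origin))` blocks keeps the headers consistent. The `allowedOrigins` array and the injected `configService` do not appear to be read in the visible lines, and the array duplicates `corsConfig.origin`, so they look removable. The end of `configure()` lies outside the hunk.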
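--- a/backend/src/config/cors.config.ts
+++ b/backend/src/config/cors.config.ts
@@ -0,0 +1,17 @@
+export const corsConfig = {
+origin: [
+"http://localhost:5173",
+"https://www.placebo.mk",
+"https://placebo.mk",
+"https://imkapi.oblak.solutions",
+],
+methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"],
+credentials: true,
+allowedHeaders: [
+"Origin",
+"X-Requested-With",
+"Content-Type",
+"Accept",
+"Authorization",
+],
+};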
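Review bot: The allow-list pairs `credentials: true` with `http://localhost:5173`, and the same object is used in every environment, so in production any page served from that port on a user's machine counts as a trusted, credentialed origin. Build `origin` per environment instead, for example by including the development entry only when `process.env.NODE_ENV !== "production"`, or by reading the list from a deployment variable (`CORS_ORIGINS` is a placeholder name here). A short comment above `origin` saying that entries must be exact scheme, host and port matches, because callers test them with `includes(origin)`, would help the next editor avoid adding wildcards or trailing slashes.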
@ -3,6 +3,7 @@ import { NestFactory } from "@nestjs/core";
|
||||
import { AppModule } from "./app.module";
|
||||
// import { CorsOptions } from '@nestjs/common/interfaces/external/cors-options.interface';
|
||||
import helmet from "helmet";
|
||||
import { corsConfig } from "./config/cors.config";
|
||||
|
||||
async function bootstrap() {
|
||||
const logger = new Logger("Bootstrap");
|
||||
@ -15,32 +16,7 @@ async function bootstrap() {
|
||||
});
|
||||
|
||||
// Enable CORS
|
||||
app.enableCors({
|
||||
origin: [
|
||||
"https://www.placebo.mk",
|
||||
"https://placebo.mk",
|
||||
"http://localhost:5173",
|
||||
"https://imkapi.oblak.solutions",
|
||||
],
|
||||
methods: "GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS",
|
||||
credentials: true,
|
||||
allowedHeaders: [
|
||||
"Origin",
|
||||
"X-Requested-With",
|
||||
"Content-Type",
|
||||
"Accept",
|
||||
"Authorization",
|
||||
"Access-Control-Allow-Headers",
|
||||
"Access-Control-Allow-Origin",
|
||||
"Access-Control-Allow-Credentials",
|
||||
],
|
||||
exposedHeaders: [
|
||||
"Access-Control-Allow-Origin",
|
||||
"Access-Control-Allow-Credentials",
|
||||
],
|
||||
preflightContinue: false,
|
||||
optionsSuccessStatus: 204,
|
||||
});
|
||||
app.enableCors(corsConfig);
|
||||
|
||||
// Global pipes
|
||||
app.useGlobalPipes(
|
||||
|
||||
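Review bot: With `app.enableCors(corsConfig)` in place, CORS is implemented twice: by the framework here and by the hand-written middleware in `AppModule.configure()`. Both read `corsConfig`, but they can still drift apart (the middleware hard-codes `Access-Control-Max-Age` and its own header logic), and which one answers a preflight presumably depends on registration order. Keeping only `enableCors` and deleting the middleware leaves a single place to audit. A comment above the call such as `// CORS policy lives in config/cors.config.ts; do not set CORS headers elsewhere` would make that explicit. `bootstrap()` continues beyond this hunk.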