Added cors middleware
parent
5d2b868a3d
commit
c0accbbf34
|
@ -8,6 +8,7 @@ import { SecurityHeadersMiddleware } from './middleware/security-middleware/secu
|
||||||
import { HttpsRedirectMiddleware } from './middleware/https-middlware/https-redirect.middleware';
|
import { HttpsRedirectMiddleware } from './middleware/https-middlware/https-redirect.middleware';
|
||||||
import { AuthModule } from './modules/auth-module/auth.module';
|
import { AuthModule } from './modules/auth-module/auth.module';
|
||||||
import { AccessTokenGuard } from './modules/auth-module/common/guards';
|
import { AccessTokenGuard } from './modules/auth-module/common/guards';
|
||||||
|
import { CorsMiddleware } from './middleware/cors-middleware/cors.middlware';
|
||||||
|
|
||||||
@Module({
|
@Module({
|
||||||
imports: [
|
imports: [
|
||||||
|
@ -24,7 +25,12 @@ export class AppModule {
|
||||||
configure(consumer: MiddlewareConsumer) {
|
configure(consumer: MiddlewareConsumer) {
|
||||||
consumer
|
consumer
|
||||||
// TODO: Redirect via Reverse Proxy all HTTP requests to HTTPS
|
// TODO: Redirect via Reverse Proxy all HTTP requests to HTTPS
|
||||||
.apply(CspMiddleware, SecurityHeadersMiddleware, HttpsRedirectMiddleware)
|
.apply(
|
||||||
|
CspMiddleware,
|
||||||
|
SecurityHeadersMiddleware,
|
||||||
|
HttpsRedirectMiddleware,
|
||||||
|
CorsMiddleware
|
||||||
|
)
|
||||||
.forRoutes({ path: '*', method: RequestMethod.ALL });
|
.forRoutes({ path: '*', method: RequestMethod.ALL });
|
||||||
}
|
}
|
||||||
}
|
}
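Review bot: `CorsMiddleware` is listed last in `.apply(...)`, after `HttpsRedirectMiddleware`, so any response that an earlier middleware ends on its own leaves without CORS headers, and browsers do not follow a redirect on a preflight request. The body of HttpsRedirectMiddleware is not visible on this page, so whether it responds to OPTIONS itself needs to be confirmed. If it can, registering CORS before it while keeping the header middlewares first would avoid the problem: `.apply(CspMiddleware, SecurityHeadersMiddleware, CorsMiddleware, HttpsRedirectMiddleware)`.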
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
import { Injectable, NestMiddleware } from '@nestjs/common';
|
||||||
|
import { ConfigService } from '@nestjs/config';
|
||||||
|
import { Request, Response, NextFunction } from 'express';
|
||||||
|
|
||||||
|
@Injectable()
|
||||||
|
export class CorsMiddleware implements NestMiddleware {
|
||||||
|
constructor(private readonly configService: ConfigService) {}
|
||||||
|
|
||||||
|
public use(req: Request, res: Response, next: NextFunction): void {
|
||||||
|
if (this.configService.get<string>('NODE_ENV') === 'production') {
|
||||||
|
const allowedOrigin = this.configService.get<string>('CORS_ALLOW_ORIGIN');
|
||||||
|
|
||||||
|
if (req.headers.origin === allowedOrigin) {
|
||||||
|
res.header('Access-Control-Allow-Origin', allowedOrigin);
|
||||||
|
res.header(
|
||||||
|
'Access-Control-Allow-Methods',
|
||||||
|
this.configService.get<string>('CORS_ALLOW_METHODS')
|
||||||
|
);
|
||||||
|
res.header(
|
||||||
|
'Access-Control-Allow-Headers',
|
||||||
|
this.configService.get<string>('CORS_ALLOW_HEADERS')
|
||||||
|
);
|
||||||
|
|
||||||
|
if (req.method === 'OPTIONS') {
|
||||||
|
res.sendStatus(200);
|
||||||
|
} else {
|
||||||
|
next();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
res.status(403).json({ message: 'Forbidden' });
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
next();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
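Review bot: In production the `req.headers.origin === allowedOrigin` test in `use` sends every request without an Origin header to the 403 branch, and since the middleware is registered for all routes this covers same-origin GETs, health probes and server-to-server calls. If `CORS_ALLOW_ORIGIN` is unset the same comparison becomes `undefined === undefined`, so origin-less requests pass and `Access-Control-Allow-Origin` is set from an undefined value. Outside a browser the client chooses its own Origin header, so the 403 should not be relied on as access control; that stays with the auth guards. The rewrite below skips CORS handling when no Origin is sent, rejects only a present Origin that does not match a configured value, and adds `Vary: Origin` so caches do not reuse a response across origins.

```typescript
public use(req: Request, res: Response, next: NextFunction): void {
  // … unchanged: NODE_ENV === 'production' check and the non-production next() …
    const allowedOrigin = this.configService.get<string>('CORS_ALLOW_ORIGIN');
    const origin = req.headers.origin;

    // No Origin header: not a cross-origin browser request, CORS does not apply.
    if (origin === undefined) {
      next();
      return;
    }

    // An unset CORS_ALLOW_ORIGIN must never match anything.
    if (!allowedOrigin || origin !== allowedOrigin) {
      res.status(403).json({ message: 'Forbidden' });
      return;
    }

    res.header('Access-Control-Allow-Origin', allowedOrigin);
    res.vary('Origin');
    // … unchanged: Allow-Methods / Allow-Headers headers and the OPTIONS branch …
```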
|