cors.ts
import {Express} from 'express';
import expressCors, {CorsOptions, CorsOptionsDelegate} from 'cors';
import {ExtendedError} from '../utils';
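/**
 * Parse the comma-separated CORS_ORIGIN value into a list of exact origins.
 *
 * Entries are trimmed and empty entries dropped, so a value such as
 * "https://a.example, https://b.example" matches both origins instead of
 * silently failing on the leading space. When the variable is unset the list
 * falls back to http://localhost; when it is set but empty the list is empty
 * and every cross-origin request is rejected.
 *
 * @param raw - raw value of the CORS_ORIGIN environment variable
 * @returns the origins that may receive CORS response headers
 */
const parseAllowList = (raw: string | undefined): string[] => {
  if (raw === undefined) {
    return ['http://localhost'];
  }
  return raw
    .split(',')
    .map((entry) => entry.trim())
    .filter((entry) => entry.length > 0);
};

// Allow-list as configured when the module is loaded; only used to seed defaultOptions.
const allowList = parseAllowList(process.env.CORS_ORIGIN);

/**
 * Baseline CORS policy. The per-request delegate copies this object and
 * overrides `origin`; the object itself must never be mutated.
 *
 * `credentials: true` lets browsers attach cookies / Authorization to
 * cross-origin requests, so the allow-list has to contain exact, trusted
 * origins only. Entries such as "null" should not be configured.
 */
const defaultOptions: CorsOptions = {
  origin: allowList,
  methods: 'GET',
  allowedHeaders: 'Content-Type,Authorization',
  exposedHeaders: 'Content-Length,Content-Type',
  maxAge: 86400, // seconds a browser may cache the preflight result
  credentials: true,
  preflightContinue: false,
  optionsSuccessStatus: 204,
};

/**
 * Per-request CORS decision.
 *
 * - No Origin header: CORS headers are disabled and the request continues.
 *   CORS is enforced by browsers only, so this is not an access control for
 *   non-browser clients; authentication must be checked elsewhere.
 * - Origin on the allow-list (exact string match): the origin is reflected.
 * - Any other Origin: the callback receives a 403 `CORS_NOT_ALLOWED` error.
 *
 * The allow-list is re-read from CORS_ORIGIN on every request. Each call hands
 * the callback a fresh copy of the defaults, so one request's decision cannot
 * leak into the shared `defaultOptions` object.
 */
const corsOptions: CorsOptionsDelegate = (req, callback) => {
  const origin = req.headers['origin'];

  if (!origin) {
    callback(null, {...defaultOptions, origin: false}); // disable CORS for this request
    return;
  }

  if (parseAllowList(process.env.CORS_ORIGIN).includes(origin)) {
    // reflect (enable) the requested origin in the CORS response
    callback(null, {...defaultOptions, origin: true});
    return;
  }

  const error: ExtendedError = new Error('Not allowed');
  error.status = 403;
  error.code = 'CORS_NOT_ALLOWED';
  // Pass an explicitly closed policy alongside the error so the rejected
  // path never carries a permissive `origin` value.
  callback(error, {...defaultOptions, origin: false});
};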
/**
 * Install the CORS policy on an Express application.
 *
 * The middleware is registered globally and, in addition, on an explicit
 * OPTIONS route matching every path so preflight requests are answered by
 * the same policy. Call this before any routes are mounted; routes
 * registered earlier would be reached without the CORS check.
 *
 * @param app - the Express application to configure
 */
function cors(app: Express): void {
  const preflightHandler = expressCors(corsOptions);
  app.use(expressCors(corsOptions));
  app.options('*', preflightHandler);
}

export default cors;