fix: update local CORS settings requirements

getlarge · Dec 19, 2023 · 8d05046 · 8d05046
1 parent a262f71
commit 8d05046
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 13 deletions.
diff --git a/apps/auth/src/main.ts b/apps/auth/src/main.ts
@@ -31,6 +31,7 @@ import { AppModule } from './app/app.module';
 import { EnvironmentVariables } from './app/env';
 import { APP_FOLDER, DEFAULT_PORT } from './app/shared/constants';
 
+// eslint-disable-next-line max-lines-per-function
 async function bootstrap(): Promise<void> {
   const app = await NestFactory.create<NestFastifyApplication>(
     AppModule,
@@ -55,10 +56,6 @@ async function bootstrap(): Promise<void> {
   const logger = app.get(Logger);
   app.useLogger(logger);
   app.setGlobalPrefix(GLOBAL_API_PREFIX);
-  // app.useStaticAssets({
-  //   root: resolve(`dist/${APP_FOLDER}/public`),
-  //   prefix: '/',
-  // });
 
   // Fastify
   await app.register(fastifyHelmet, {
@@ -77,9 +74,17 @@ async function bootstrap(): Promise<void> {
   });
   await app.register(fastifyPassport.initialize());
   await app.register(fastifyPassport.secureSession());
-  if (!proxyServerUrls.length) {
+  if (!proxyServerUrls.length && environment === 'production') {
     await app.register(fastifyCors, {
-      origin: '*',
+      origin: (origin, cb) => {
+        const hostname = new URL(origin).hostname;
+        if (hostname === 'localhost' || hostname === '127.0.0.1') {
+          cb(null, true);
+          return;
+        }
+        cb(new Error('Not allowed'), false);
+      },
+      credentials: true,
       // allowedHeaders: ALLOWED_HEADERS,
       // exposedHeaders: EXPOSED_HEADERS,
       allowedHeaders: '*',

diff --git a/apps/orders/src/main.ts b/apps/orders/src/main.ts
@@ -75,9 +75,17 @@ async function bootstrap(): Promise<void> {
   });
   await app.register(fastifyPassport.initialize());
   await app.register(fastifyPassport.secureSession());
-  if (!proxyServerUrls.length) {
+  if (!proxyServerUrls.length && environment === 'development') {
     await app.register(fastifyCors, {
-      origin: '*',
+      origin: (origin, cb) => {
+        const hostname = new URL(origin).hostname;
+        if (hostname === 'localhost' || hostname === '127.0.0.1') {
+          cb(null, true);
+          return;
+        }
+        cb(new Error('Not allowed'), false);
+      },
+      credentials: true,
       // allowedHeaders: ALLOWED_HEADERS,
       // exposedHeaders: EXPOSED_HEADERS,
       allowedHeaders: '*',

diff --git a/apps/payments/src/main.ts b/apps/payments/src/main.ts
@@ -75,9 +75,16 @@ async function bootstrap(): Promise<void> {
   });
   await app.register(fastifyPassport.initialize());
   await app.register(fastifyPassport.secureSession());
-  if (!proxyServerUrls.length) {
+  if (!proxyServerUrls.length && environment === 'development') {
     await app.register(fastifyCors, {
-      origin: '*',
+      origin: (origin, cb) => {
+        const hostname = new URL(origin).hostname;
+        if (hostname === 'localhost') {
+          cb(null, true);
+          return;
+        }
+        cb(new Error('Not allowed'), false);
+      },
       // allowedHeaders: ALLOWED_HEADERS,
       // exposedHeaders: EXPOSED_HEADERS,
       allowedHeaders: '*',

diff --git a/apps/tickets/src/main.ts b/apps/tickets/src/main.ts
@@ -75,9 +75,17 @@ async function bootstrap(): Promise<void> {
   });
   await app.register(fastifyPassport.initialize());
   await app.register(fastifyPassport.secureSession());
-  if (!proxyServerUrls.length) {
+  if (!proxyServerUrls.length && environment === 'development') {
     await app.register(fastifyCors, {
-      origin: '*',
+      origin: (origin, cb) => {
+        const hostname = new URL(origin).hostname;
+        if (hostname === 'localhost' || hostname === '127.0.0.1') {
+          cb(null, true);
+          return;
+        }
+        cb(new Error('Not allowed'), false);
+      },
+      credentials: true,
       // allowedHeaders: ALLOWED_HEADERS,
       // exposedHeaders: EXPOSED_HEADERS,
       allowedHeaders: '*',

diff --git a/libs/microservices/shared/constants/src/requests.ts b/libs/microservices/shared/constants/src/requests.ts
@@ -24,7 +24,7 @@ export const bearerSecurityScheme: SecuritySchemeObject = {
 };
 
 export const getCookieOptions = (
-  environment: Environment
+  environment: Environment,
 ): CookieSerializeOptions => ({
   secure: !devEnvironments.includes(environment),
   signed: false,
@@ -36,7 +36,9 @@ export const ALLOWED_HEADERS = [
   'X-Version',
   'X-Access-Token',
   'X-Refresh-Token',
+  'Authorization',
   'Set-Cookie',
+  'Cookie',
   'DNT',
   'User-Agent',
   'X-Requested-With',