NestJS enable cors in production


Try the approach described here: https://docs.nestjs.com/techniques/security#cors

    const app = await NestFactory.create(ApplicationModule);
    app.enableCors();
    await app.listen(3000);


If you are running NestJS with GraphQL, you will run into a problem where Apollo Server overrides the CORS setting (see link). The configuration below fixed the problem. I wasted 8 hrs of my life on this. :-( I hope you see this and you don't do that. See link and link.

    GraphQLModule.forRoot({
        debug: process.env.NODE_ENV !== 'production',
        playground: process.env.NODE_ENV !== 'production',
        typePaths: ['./**/*.graphql'],
        installSubscriptionHandlers: true,
        context: ({req}) => {
            return {req};
        },
        cors: {
            credentials: true,
            origin: true,
        },
    }),

Then in your main.ts:

    app.enableCors({
        origin: true,
        methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
        credentials: true,
    });


I was able to get it working by providing my own origin function. The complete enableCors call, for NestJS or any Node.js server, would look like this:

    var whitelist = ['https://website.com', 'https://www.website.com'];
    app.enableCors({
        origin: function (origin, callback) {
            if (whitelist.indexOf(origin) !== -1) {
                console.log("allowed cors for:", origin)
                callback(null, true)
            } else {
                console.log("blocked cors for:", origin)
                callback(new Error('Not allowed by CORS'))
            }
        },
        allowedHeaders: 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Observe',
        methods: "GET,PUT,POST,DELETE,UPDATE,OPTIONS",
        credentials: true,
    });

And the appOptions if you are using NestJS Express:

    const app = await NestFactory.create<NestExpressApplication>(AppModule);
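
An added example, not taken from the answers above: a strict allowlist in the same `(origin, callback)` shape, for production use in place of `origin: true` with `credentials: true`, which reflects whatever origin the request sends. The helper names `toOrigin`, `makeOriginCheck` and `decide`, and the sample origins, are assumptions for illustration.

```typescript
// Added example: exact-match CORS origin allowlist (constructed sample hosts).
type OriginCallback = (err: Error | null, allow?: boolean) => void;

// Normalise a configured entry to the form browsers send in the Origin header:
// lowercase scheme://host[:port], default port dropped, no path or trailing slash.
// Entries such as '*' or 'website.com' are not valid URLs and throw at startup.
function toOrigin(entry: string): string {
  const url = new URL(entry);
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error(`unsupported scheme in allowlist entry: ${entry}`);
  }
  return url.origin;
}

function makeOriginCheck(allowlist: string[]) {
  const allowed = new Set(allowlist.map(toOrigin));
  return (origin: string | undefined, callback: OriginCallback): void => {
    // No Origin header (same-origin request, curl, health check): this is not
    // a cross-origin browser request, so send no CORS headers and raise no error.
    if (origin === undefined) {
      callback(null, false);
      return;
    }
    // Exact match only: no substring, suffix or regex tests, so
    // 'https://website.com.lookalike.example' and the literal 'null' origin fail.
    // callback(null, false) omits the CORS headers; the browser then refuses
    // to expose the response to the calling page.
    callback(null, allowed.has(origin));
  };
}

// Helper for inspecting a decision synchronously (hypothetical, for this example).
function decide(
  check: ReturnType<typeof makeOriginCheck>,
  origin: string | undefined,
): boolean {
  let allowed = false;
  check(origin, (_err, allow) => {
    allowed = allow === true;
  });
  return allowed;
}

// Constructed allowlist; the second entry shows normalisation of case and slash.
const sampleCheck = makeOriginCheck(['https://website.com', 'https://WWW.website.com/']);
// In main.ts: app.enableCors({ origin: sampleCheck, credentials: true });
```

With the GraphQL setup from the second answer, the same function would have to be passed as the `origin` in the `cors` option of `GraphQLModule.forRoot` as well, since that answer reports Apollo Server overriding the application-level setting.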