NestJS enable cors in production
Try to use an approach described in here https://docs.nestjs.com/techniques/security#cors
const app = await NestFactory.create(ApplicationModule);app.enableCors();await app.listen(3000);
If you are running NestJs with graphql you will run into a problem where Apollo server will override the CORS setting see link. This below fixed the problem. I wasted 8 hrs of my life on this. :-( I hope you see this and you don't do that. see link and link
GraphQLModule.forRoot({ debug: process.env.NODE_ENV !== 'production', playground: process.env.NODE_ENV !== 'production', typePaths: ['./**/*.graphql'], installSubscriptionHandlers: true, context: ({req}) => { return {req}; }, cors: { credentials: true, origin: true, }, }),
then in your main.ts:
app.enableCors({ origin: true, methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS', credentials: true, });
I was able to get it working by giving my own origin function. The complete enableCors function would be like for NestJS or any NodeJS server like:
var whitelist = ['https://website.com', 'https://www.website.com'];app.enableCors({origin: function (origin, callback) { if (whitelist.indexOf(origin) !== -1) { console.log("allowed cors for:", origin) callback(null, true) } else { console.log("blocked cors for:", origin) callback(new Error('Not allowed by CORS')) }},allowedHeaders: 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Observe',methods: "GET,PUT,POST,DELETE,UPDATE,OPTIONS",credentials: true,});
and the appOptions if you are using NestJS Express:
const app = await NestFactory.create<NestExpressApplication>(AppModule);