nav/Fabric.Backend.Center
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(center): enable CORS for auth preflight and desktop origins

Browse Source
This commit is contained in:
nav
2026-05-14 16:26:55 +00:00
parent 0b32dc8e3c
commit ebc3571823
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/main.ts
View File

@@ -28,6 +28,29 @@ async function bootstrap() {
validateEnv(); validateEnv();
const app = await NestFactory.create(AppModule); const app = await NestFactory.create(AppModule);
const corsOrigins = (process.env.FABRIC_BACKEND_CENTER_CORS_ORIGINS ?? '')
.split(',')
.map((x) => x.trim())
.filter(Boolean);
app.enableCors({
origin: (origin, callback) => {
// no Origin header: curl/server-to-server/most desktop local calls
if (!origin) return callback(null, true);
// desktop/electron local file origin
if (origin === 'null') return callback(null, true);
// empty allowlist => allow all origins
if (!corsOrigins.length) return callback(null, true);
if (corsOrigins.includes(origin)) return callback(null, true);
return callback(new Error('CORS origin not allowed'), false);
},
methods: ['GET', 'POST', 'PATCH', 'PUT', 'DELETE', 'OPTIONS'],
allowedHeaders: ['Content-Type', 'Authorization', 'x-client-name', 'x-request-id', 'x-api-key'],
credentials: false,
});
app.setGlobalPrefix('api'); app.setGlobalPrefix('api');
const metrics = app.get(MetricsService); const metrics = app.get(MetricsService);
app.use(createRequestContextMiddleware('center', metrics)); app.use(createRequestContextMiddleware('center', metrics));