I\'ve enabled CORS in my NestJS app following the official tutorial, so my main.ts
looks like the following:
import { FastifyAdapter, NestFactory }
If you are running NestJs with graphql you will run into a problem where Apollo server will override the CORS setting see link. This below fixed the problem. I wasted 8 hrs of my life on this. :-( I hope you see this and you don't do that. see link and link
GraphQLModule.forRoot({
debug: process.env.NODE_ENV !== 'production',
playground: process.env.NODE_ENV !== 'production',
typePaths: ['./**/*.graphql'],
installSubscriptionHandlers: true,
context: ({req}) => {
return {req};
},
cors: {
credentials: true,
origin: true,
},
}),
then in your main.ts:
app.enableCors({
origin: true,
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
credentials: true,
});
Sad to know that you also tried:
const app = await NestFactory.create(ApplicationModule);
app.enableCors();
await app.listen(3000);
And it's still not working.
Ensure that on your server side you have cors enabled, which should be something like this:
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type, Accept');
next();
});
And also ensure that your browser is cors supported. If all these still doesn't work, I will advice you download Allow-Control-Allow-Origin extension for Chrome, it should fix your issue.
Try to use an approach described in here https://docs.nestjs.com/techniques/security#cors
const app = await NestFactory.create(ApplicationModule);
app.enableCors();
await app.listen(3000);
I was able to get it working by giving my own origin function. The complete enableCors function would be like for NestJS or any NodeJS server like:
var whitelist = ['https://website.com', 'https://www.website.com'];
app.enableCors({
origin: function (origin, callback) {
if (whitelist.indexOf(origin) !== -1) {
console.log("allowed cors for:", origin)
callback(null, true)
} else {
console.log("blocked cors for:", origin)
callback(new Error('Not allowed by CORS'))
}
},
allowedHeaders: 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Observe',
methods: "GET,PUT,POST,DELETE,UPDATE,OPTIONS",
credentials: true,
});
and the appOptions if you are using NestJS Express:
const app = await NestFactory.create<NestExpressApplication>(AppModule);
Somehow the issue was compiling it using npm run webpack
. If I compile it using prestart:prod
then it will work.
Thanks @georgii-rychko for suggesting it via comments.