
Commit d246ee9

authored
Mariano/fix 10 (#1894)
* refactor(api): simplify CORS configuration in main.ts
1 parent 4880c21 commit d246ee9


1 file changed

+2
-42
lines changed


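--- a/apps/api/src/main.ts
+++ b/apps/api/src/main.ts
@@ -2,7 +2,6 @@ import './config/load-env';
 import type { INestApplication } from '@nestjs/common';
 import { ValidationPipe, VersioningType } from '@nestjs/common';
 import { NestFactory } from '@nestjs/core';
-import { CorsExceptionFilter } from './common/filters/cors-exception.filter';
 import type { OpenAPIObject } from '@nestjs/swagger';
 import { DocumentBuilder, SwaggerModule } from '@nestjs/swagger';
 import * as express from 'express';
@@ -16,47 +15,10 @@ let app: INestApplication | null = null;
 async function bootstrap(): Promise<void> {
 app = await NestFactory.create(AppModule);
 
-// STEP 1: Enable CORS FIRST - critical for preflight requests
-const isDevelopment = process.env.NODE_ENV !== 'production';
-
-const allowedOrigins = [
-'http://localhost:3000',
-'http://localhost:3001',
-'http://127.0.0.1:3000',
-'https://app.trycomp.ai',
-'https://trycomp.ai',
-process.env.APP_URL,
-].filter(Boolean) as string[];
-
+// Enable CORS for all origins - security is handled by authentication
 app.enableCors({
-origin: (origin, callback) => {
-// Same-origin (no origin header)
-if (!origin) {
-return callback(null, false); // false for same-origin
-}
-
-// Check whitelist
-if (allowedOrigins.includes(origin)) {
-return callback(null, origin); // Return the origin string
-}
-
-// Dev mode: localhost and ngrok
-if (isDevelopment) {
-if (
-origin.includes('localhost') ||
-origin.includes('127.0.0.1') ||
-origin.includes('ngrok')
-) {
-return callback(null, origin); // Return the origin string
-}
-}
-
-// Reject
-callback(new Error('Not allowed by CORS'));
-},
+origin: true,
 credentials: true,
-preflightContinue: false,
-optionsSuccessStatus: 204,
 });
 
 // STEP 2: Security headers
@@ -91,8 +53,6 @@ async function bootstrap(): Promise<void> {
 }),
 );
 
-app.useGlobalFilters(new CorsExceptionFilter());
-
 // Enable API versioning
 app.enableVersioning({
 type: VersioningType.URI,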
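Review bot: `origin: true` together with `credentials: true` in the `app.enableCors` call makes the API echo back whatever Origin the browser sends and mark the response as credentialed, so CORS no longer limits which sites can read responses made with a logged-in user's browser credentials. The new comment says authentication covers this, but that only holds if the API never accepts browser-attached credentials such as session cookies; the auth mechanism is not visible in this diff, so it should be confirmed. If cookies are in use, keep an explicit list, e.g. `const allowedOrigins = ['https://app.trycomp.ai', 'https://trycomp.ai', process.env.APP_URL].filter(Boolean) as string[];` and `origin: allowedOrigins,`; if only bearer tokens in an `Authorization` header are used, drop `credentials: true` instead. bootstrap's body continues outside these hunks.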
