From 0e0738a2ffee7a7900acb5c513ad7bebc8f462da Mon Sep 17 00:00:00 2001
From: jazicorn <40859840+jazicorn@users.noreply.github.com>
Date: Wed, 4 Oct 2023 23:05:57 -0400
Subject: [PATCH 1/2] updated header options
---
 apps/api/src/server.ts | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/apps/api/src/server.ts b/apps/api/src/server.ts
index d16c105..9934383 100644
--- a/apps/api/src/server.ts
+++ b/apps/api/src/server.ts
@@ -28,18 +28,19 @@ class App {
 }));
 this.app.use(bodyParser.json());
 this.app.use(cookieParser());
- this.app.options("*", cors({
+ this.app.options('*', cors())
+ this.app.use(cors({
 origin: this.corsOptions,
 credentials : true,
 methods: 'GET,PUT,POST,DELETE,OPTIONS',
 allowedHeaders: 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
 }));
- // this.app.use( (req, res, next) => {
- // res.header("Access-Control-Allow-Origin", "*");
- // res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
- // res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');
- // next();
- // });
+ this.app.use( (req, res, next) => {
+ res.header("Access-Control-Allow-Origin", "*");
+ res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
+ res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');
+ next();
+ });
 // this.app.options("/", (req, res) => {
 // res.setHeader("Access-Control-Allow-Origin", "*");
 // res.setHeader("Access-Control-Allow-Methods", "PUT, POST, GET, DELETE, OPTIONS");
From e553cb2b291bff634c6f9d90ecc6306f745a5a46 Mon Sep 17 00:00:00 2001
From: jazicorn <40859840+jazicorn@users.noreply.github.com>
Date: Wed, 4 Oct 2023 23:25:49 -0400
Subject: [PATCH 2/2] updated header options
---
 apps/api/src/server.ts | 25 ++++---------------------
 1 file changed, 4 insertions(+), 21 deletions(-)
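Review bot: In the PATCH 1/2 hunk, the re-enabled `this.app.use((req, res, next) => …)` block runs after `cors({...})` and overwrites `Access-Control-Allow-Origin` with `*` on every response, so the origin policy taken from `this.corsOptions` no longer applies while `credentials: true` is still advertised. Browsers reject a credentialed response whose allowed origin is the wildcard, and non-credentialed reads become available to any origin. The new `this.app.options('*', cors())` does the same for preflights: a bare `cors()` answers OPTIONS with the package defaults (any origin, no credentials header) before the configured instance runs, and PATCH 2/2 removes the header block but keeps that line. I would drop the hand-written headers and share one options object, `const corsConfig = { origin: this.corsOptions, credentials: true, /* … */ };` then `this.app.options('*', cors(corsConfig));` and `this.app.use(cors(corsConfig));`. The enclosing method starts and ends outside the hunk.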
diff --git a/apps/api/src/server.ts b/apps/api/src/server.ts
index 9934383..9c3556c 100644
--- a/apps/api/src/server.ts
+++ b/apps/api/src/server.ts
@@ -28,32 +28,15 @@ class App {
 }));
 this.app.use(bodyParser.json());
 this.app.use(cookieParser());
- this.app.options('*', cors())
+ this.app.options('*', cors());
 this.app.use(cors({
 origin: this.corsOptions,
 credentials : true,
- methods: 'GET,PUT,POST,DELETE,OPTIONS',
+ methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
+ preflightContinue: false,
+ optionsSuccessStatus: 204
 allowedHeaders: 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
 }));
- this.app.use( (req, res, next) => {
- res.header("Access-Control-Allow-Origin", "*");
- res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
- res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');
- next();
- });
- // this.app.options("/", (req, res) => {
- // res.setHeader("Access-Control-Allow-Origin", "*");
- // res.setHeader("Access-Control-Allow-Methods", "PUT, POST, GET, DELETE, OPTIONS");
- // res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorizatione");
- // res.sendStatus(204);
- // });
- // this.app.set('trust proxy', 1) // trust first proxy
- // this.app.use(session({
- // secret: process.env.SECRET_TOKEN,
- // saveUninitialized:true,
- // cookie: { sameSite: 'strict', secure: false, maxAge: 1000 * 60 * 60 * 24 },
- // resave: false
- // }));
 }
 private initAuthControllers(controllers) {
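Review bot: The added `optionsSuccessStatus: 204` has no trailing comma before the unchanged `allowedHeaders:` property, so the object literal passed to `cors()` does not parse and `server.ts` will not compile; the line should read `optionsSuccessStatus: 204,`. The two added options also have no effect as written, because `this.app.options('*', cors());` registered just above answers every preflight with the package defaults before this configured instance runs. The method body starts outside the hunk.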