add credentials option to origin cors

lucasgehl3n · Nov 19, 2023 · 79de678 · 79de678
1 parent 03efe34
commit 79de678
Showing 1 changed file with 16 additions and 21 deletions.
diff --git a/src/app.ts b/src/app.ts
@@ -24,32 +24,27 @@ class Application {
     }
 
     private _setMiddlewares(): void {
-        this.express.use(cors({
-            methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
-            optionsSuccessStatus: 200,
+        const corsOptions = {
             credentials: true,
-        }));
-
-        this.express.use(function (req: any, res: any, next) {
-            res.header('Access-Control-Allow-Credentials', true);
+            origin: function (origin: any, callback: any) {
+                const allowedOrigins = ['http://localhost', 'http://localhost:3000', process.env.FRONTEND_URL];
 
-            const allowedOrigins = ['http://localhost', 'http://localhost:3000', process.env.FRONTEND_URL];
-            const origin = req.headers.origin;
-            if (allowedOrigins.includes(origin)) {
-                res.setHeader('Access-Control-Allow-Origin', origin);
-            }
+                if (!origin || allowedOrigins.includes(origin)) {
+                    callback(null, true);
+                } else {
+                    callback(new Error('Not allowed by CORS'));
+                }
+            },
+            methods: 'GET,PUT,POST,DELETE',
+            allowedHeaders: 'Origin, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, X-Response-Time, X-PINGOTHER, X-CSRF-Token, Authorization',
+        };
 
-            res.header('Access-Control-Allow-Origin', req.headers.origin);
-            res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
-            res.header('Access-Control-Allow-Headers', 'Origin, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, X-Response-Time, X-PINGOTHER, X-CSRF-Token,Authorization');
+        this.express.use(cors(corsOptions));
 
-            if (req.method === "OPTIONS") {
-                return res.status(200).end();
-            } else {
-                next();
-            }
-        });
+        // Middleware para lidar com preflight (solicitações OPTIONS)
+        this.express.options('*', cors(corsOptions));
         this.express.use(express.json());
+
         this.express.use(express.urlencoded({ extended: true }));
         this.express.use(AuthenticationValidator);
     }