Nestjs 配置跨域中间件
Nestjs 内置了一个 cros 跨域中间件,但只能针对 origin 动态配置,且功能有限,其余都是静态配置,可操作性不强,比如,需要针对 「Access-Control-Allow-Headers」 根据请求页面的 request-headers 动态追加时,就不能满足了。
第一步,引入 cros 中间件
1// cros.ts2import { Request, Response, NextFunction } from 'express';34import { PREFLIGHT } from '../constants';56export function cros(request: Request, response: Response, next: NextFunction) {7 // @ts-ignore8 const { method, headers, logger, url } = request;9 const allowHeaders = headers['access-control-request-headers'] || headers['Access-Control-Request-Headers'] || '';1011 const cropHeaders = {12 'Access-Control-Allow-Origin': headers.origin || '*',13 'Access-Control-Allow-Credentials': true,14 'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',15 'Access-Control-Allow-Headers': `swimlane, ${allowHeaders}`,16 'Access-Control-Max-Age': 600,17 'Vary': 'Origin',18 }1920 if (method.toLocaleLowerCase() === 'options') {21 // 记录日志,便于线上定位问题22 logger.info(PREFLIGHT, {23 url,24 result: JSON.stringify(headers)25 });26 response.statusCode = 204;27 response.setHeader('Content-Length', '0');28 for(var key in cropHeaders) {29 response.setHeader(key, cropHeaders[key]);30 }31 response.end();32 } else {33 for(var key in cropHeaders) {34 response.setHeader(key, cropHeaders[key]);35 }36 next();37 }38};
第二步,在 app 启动时,注册
1app.use(cros);