src/api/middlewares/corsMiddleware.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

export function useCors(req, res, next) {
    res.set(
        'Content-security-policy',
        "default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';"
    );

    res.set('Access-Control-Allow-Origin', '*');
    res.set(
        'Access-Control-Allow-Headers',
        req.header('Access-Control-Request-Headers') || '*'
    );
    res.set(
        'Access-Control-Allow-Methods',
        req.header('Access-Control-Request-Methods') || '*'
    );

    res.set('Access-Control-Allow-Credentials', 'true');

    // Handle preflight requests
    if (req.method === 'OPTIONS') {
        return res.sendStatus(204);
    }

    next();
}