-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmiddleware.ts
68 lines (63 loc) · 2.01 KB
/
middleware.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
// Imports
// ========================================================
import { NextResponse, type NextRequest } from 'next/server';
// Config
// ========================================================
const corsOptions: {
allowedMethods: string[];
allowedOrigins: string[];
allowedHeaders: string[];
exposedHeaders: string[];
maxAge?: number;
credentials: boolean;
} = {
allowedMethods: (process.env?.ALLOWED_METHODS || '').split(','),
allowedOrigins: (process.env?.ALLOWED_ORIGIN || '').split(','),
allowedHeaders: (process.env?.ALLOWED_HEADERS || '').split(','),
exposedHeaders: (process.env?.EXPOSED_HEADERS || '').split(','),
maxAge: (process.env?.MAX_AGE && parseInt(process.env?.MAX_AGE)) || undefined, // 60 * 60 * 24 * 30, // 30 days
credentials: process.env?.CREDENTIALS == 'true'
};
// Middleware
// ========================================================
// This function can be marked `async` if using `await` inside
export async function middleware(request: NextRequest) {
// Response
const response = NextResponse.next();
// Allowed origins check
const origin = request.headers.get('origin') ?? '';
if (
corsOptions.allowedOrigins.includes('*') ||
corsOptions.allowedOrigins.includes(origin)
) {
response.headers.set('Access-Control-Allow-Origin', origin);
}
console.log(request.headers.get('origin'));
// Set default CORS headers
response.headers.set(
'Access-Control-Allow-Credentials',
corsOptions.credentials.toString()
);
response.headers.set(
'Access-Control-Allow-Methods',
corsOptions.allowedMethods.join(',')
);
response.headers.set(
'Access-Control-Allow-Headers',
corsOptions.allowedHeaders.join(',')
);
response.headers.set(
'Access-Control-Expose-Headers',
corsOptions.exposedHeaders.join(',')
);
response.headers.set(
'Access-Control-Max-Age',
corsOptions.maxAge?.toString() ?? ''
);
// Return
return response;
}
// See "Matching Paths" below to learn more
export const config = {
matcher: '/api/:path*'
};