CORS Enablement

After feedback from the community, this PR adds CORS support in, but as an option to enable. Along with warnings that the default wildcard origin might not be applicable in a production use case Signed-off-by: Matthew B White <whitemat@uk.ibm.com>
2026-06-23 01:55:10 +00:00 · 2022-03-31 17:54:24 +01:00 · 2022-03-31 17:54:24 +01:00 · 5f4d0f9551
commit 5f4d0f9551
parent 0262d264d8
3 changed files with 1207 additions and 3312 deletions
--- a/asset-transfer-basic/rest-api-typescript/package-lock.json
+++ b/asset-transfer-basic/rest-api-typescript/package-lock.json
--- a/asset-transfer-basic/rest-api-typescript/package.json
+++ b/asset-transfer-basic/rest-api-typescript/package.json
@ -9,6 +9,7 @@
  },
  "dependencies": {
    "bullmq": "^1.47.2",
+    "cors": "^2.8.5",
    "dotenv": "^10.0.0",
    "env-var": "^7.0.1",
    "express": "^4.17.1",
@ -24,9 +25,10 @@
    "source-map-support": "^0.5.19"
  },
  "devDependencies": {
+    "@types/cors": "^2.8.12",
    "@types/express": "^4.17.12",
    "@types/ioredis": "^4.26.4",
-    "@types/jest": "^26.0.24",
+    "@types/jest": "^27.4.1",
    "@types/node": "^15.14.7",
    "@types/passport": "^1.0.7",
    "@types/pino": "^6.3.8",
@ -38,13 +40,13 @@
    "eslint-config-prettier": "^8.3.0",
    "eslint-plugin-prettier": "^3.4.0",
    "ioredis-mock": "^5.6.0",
-    "jest": "^27.0.6",
+    "jest": "^27.5.1",
    "jest-mock-extended": "^2.0.2-beta2",
    "pino-pretty": "^5.0.2",
    "prettier": "^2.3.1",
    "rimraf": "^3.0.2",
    "supertest": "^6.1.4",
-    "ts-jest": "^27.0.4",
+    "ts-jest": "^27.1.4",
    "ts-node": "^10.1.0",
    "typescript": "^4.3.5"
  },
@ -64,4 +66,4 @@
  "author": "Hyperledger",
  "license": "Apache-2.0",
  "private": true
-}
+}
--- a/asset-transfer-basic/rest-api-typescript/src/server.ts
+++ b/asset-transfer-basic/rest-api-typescript/src/server.ts
@ -13,14 +13,13 @@ import { healthRouter } from './health.router';
 import { jobsRouter } from './jobs.router';
 import { logger } from './logger';
 import { transactionsRouter } from './transactions.router';
+import cors from 'cors';

 const { BAD_REQUEST, INTERNAL_SERVER_ERROR, NOT_FOUND } = StatusCodes;

 export const createServer = async (): Promise<Application> => {
  const app = express();

-  // Remember for production usage, to check any TLS or CORS requirements
-
  app.use(
    pinoMiddleware({
      logger,
@ -51,7 +50,7 @@ export const createServer = async (): Promise<Application> => {
  app.use(passport.initialize());

  if (process.env.NODE_ENV === 'development') {
-    // TBC
+    app.use(cors());
  }

  if (process.env.NODE_ENV === 'test') {