generated from nhcarrigan/template
feat: security and auditing
This commit is contained in:
@@ -0,0 +1,26 @@
|
||||
/**
|
||||
* @copyright 2026 NHCarrigan
|
||||
* @license Naomi's Public License
|
||||
* @author Naomi Carrigan
|
||||
*/
|
||||
|
||||
import { FastifyPluginAsync } from "fastify";
|
||||
import fastifyPlugin from "fastify-plugin";
|
||||
import fastifyCors from "@fastify/cors";
|
||||
|
||||
const corsPlugin: FastifyPluginAsync = async (app) => {
|
||||
const baseUrl = process.env.BASE_URL;
|
||||
|
||||
if (!baseUrl) {
|
||||
throw new Error("BASE_URL environment variable is required");
|
||||
}
|
||||
|
||||
await app.register(fastifyCors, {
|
||||
origin: baseUrl,
|
||||
credentials: true,
|
||||
methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
|
||||
allowedHeaders: ["Content-Type", "Authorization", "X-CSRF-Token"],
|
||||
});
|
||||
};
|
||||
|
||||
export default fastifyPlugin(corsPlugin);
|
||||
Reference in New Issue
Block a user