|
|
@@ -33,9 +33,21 @@ async function bootstrap() {
|
|
|
});
|
|
|
|
|
|
// after creating fastifyAdapter but before NestFactory.create:
|
|
|
+ // Read allowed origin from env (fallback to '*')
|
|
|
+ const corsOrg = process.env.APP_CORS_ORIGIN || '*';
|
|
|
+
|
|
|
await fastifyAdapter.register(fastifyStatic as any, {
|
|
|
root: path.resolve(process.env.IMAGE_ROOT_PATH || '/data/box-images'),
|
|
|
- prefix: '/images/', // so /images/... → that folder
|
|
|
+ prefix: '/images/',
|
|
|
+ setHeaders: (res: any, pathName: any, stat: any) => {
|
|
|
+ // CORS
|
|
|
+ res.setHeader('Access-Control-Allow-Origin', corsOrg);
|
|
|
+ res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
|
|
|
+ res.setHeader(
|
|
|
+ 'Access-Control-Allow-Headers',
|
|
|
+ 'Origin, X-Requested-With, Content-Type, Accept, Authorization',
|
|
|
+ );
|
|
|
+ },
|
|
|
});
|
|
|
|
|
|
const app = await NestFactory.create<NestFastifyApplication>(
|
