-
Notifications
You must be signed in to change notification settings - Fork 3
/
main.ts
46 lines (42 loc) · 1.52 KB
/
main.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import { Logger } from '@nestjs/common';
import { NestFactory } from '@nestjs/core';
import * as cookieParser from 'cookie-parser';
import helmet from 'helmet';
import { AppModule } from './app/app.module';
import { ContentSecurityPolicyOptions } from 'helmet/dist/types/middlewares/content-security-policy';
async function bootstrap() {
const app = await NestFactory.create(AppModule);
const globalPrefix = 'api';
app.setGlobalPrefix(globalPrefix);
const port = process.env.PORT || 3333;
const isProd = process.env.NODE_ENV === 'production';
app.enableCors({
credentials: true,
origin: [
'http://localhost:4200',
'https://show-off.adi.so',
'studio.apollographql.com',
],
});
app.use(cookieParser(process.env.COOKIE_SECRET));
const devContentSecurityPolicy: ContentSecurityPolicyOptions = {
directives: {
manifestSrc: ["'self'", '*.cdn.apollographql.com'],
scriptSrc: ["'self'", "'unsafe-inline'", '*.cdn.apollographql.com'],
frameSrc: ["'self'", '*.embed.apollographql.com'],
imgSrc: ["'self'", 'data:', '*.cdn.apollographql.com'],
},
};
app.use(
helmet({
// when undefined it will load the default option: https://github.com/graphql/graphql-playground/issues/1283#issuecomment-723705276
contentSecurityPolicy: isProd ? undefined : devContentSecurityPolicy,
crossOriginEmbedderPolicy: false,
})
);
await app.listen(port);
Logger.log(
`🚀 Application is running on: http://localhost:${port}/${globalPrefix}`
);
}
bootstrap();