NestJSframework~30 mins

Third-party middleware (cors, helmet) in NestJS - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Using Third-party Middleware (cors, helmet) in NestJS

📖 Scenario: You are building a simple NestJS server for a small web app. You want to keep your app safe and allow requests from other websites properly.To do this, you will add two popular middlewares: cors to control which websites can talk to your server, and helmet to add security headers that protect your app.

🎯 Goal: Learn how to add and configure third-party middleware cors and helmet in a NestJS application to improve security and cross-origin request handling.

📋 What You'll Learn

Create a basic NestJS application with an AppModule and main.ts file

Add cors middleware with specific origin settings

Add helmet middleware for security headers

Configure middleware in the main.ts bootstrap function

💡 Why This Matters

🌍 Real World

Web servers often need to control which websites can access their data and protect themselves from attacks. Using middleware like cors and helmet helps keep apps safe and working well with other sites.

💼 Career

Backend developers use middleware configuration daily to secure APIs and manage cross-origin requests. Knowing how to add and configure third-party middleware in frameworks like NestJS is a key skill.

Progress0 / 4 steps

Create a basic NestJS application setup

In main.ts, import NestFactory from @nestjs/core and AppModule from ./app.module. Then create an async bootstrap function that creates the app with NestFactory.create(AppModule) and calls app.listen(3000).

NestJS

import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';

async function bootstrap() {
  // Your code here
}

bootstrap();

Need a hint?

Remember to import NestFactory and AppModule. Use await NestFactory.create(AppModule) to create the app and app.listen(3000) to start the server.

Add a configuration variable for CORS origin

Create a constant called corsOptions as an object with a single property origin set to 'https://example.com'. This will allow only this origin to access your server.

NestJS

import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';

const corsOptions = {
  // Your code here
};

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  await app.listen(3000);
}

bootstrap();

Need a hint?

Create a constant corsOptions with origin set to 'https://example.com'.

Apply CORS and Helmet middleware in the bootstrap function

Inside the bootstrap function, before app.listen(3000), add app.enableCors(corsOptions) to enable CORS with your options. Then import helmet from helmet at the top and add app.use(helmet()) to apply security headers.

NestJS

import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import helmet from 'helmet';

const corsOptions = {
  origin: 'https://example.com'
};

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  // Your code here
  await app.listen(3000);
}

bootstrap();

Need a hint?

Import helmet and use app.use(helmet()). Use app.enableCors(corsOptions) to apply CORS settings.

Complete the NestJS app with middleware configured

Ensure the full main.ts file includes the imports for NestFactory, AppModule, and helmet, the corsOptions constant, and the bootstrap function that creates the app, applies cors and helmet middleware, and listens on port 3000.

NestJS

import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import helmet from 'helmet';

const corsOptions = {
  origin: 'https://example.com'
};

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.enableCors(corsOptions);
  app.use(helmet());
  // Your code here
}

bootstrap();

Need a hint?

Make sure all parts are included: imports, corsOptions, and the bootstrap function with middleware and server start.