CORS helps your NestJS app control who can access its resources from other websites. It keeps your app safe by blocking unwanted requests.
const app = await NestFactory.create(AppModule); app.enableCors({ origin: 'http://example.com', methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'], credentials: true, }); await app.listen(3000);
The origin option controls which website URLs can access your backend.
Use credentials: true if you want to allow cookies or authorization headers.
app.enableCors();
https://myfrontend.com.app.enableCors({ origin: 'https://myfrontend.com' });app.enableCors({ origin: ['https://site1.com', 'https://site2.com'] });app.enableCors({
origin: '*',
methods: ['GET', 'POST'],
allowedHeaders: ['Content-Type', 'Authorization']
});This NestJS app allows CORS requests only from http://localhost:4200 with GET and POST methods. It also allows credentials like cookies.
import { NestFactory } from '@nestjs/core'; import { AppModule } from './app.module'; async function bootstrap() { const app = await NestFactory.create(AppModule); app.enableCors({ origin: 'http://localhost:4200', methods: ['GET', 'POST'], credentials: true, }); await app.listen(3000); console.log('Server running on http://localhost:3000'); } bootstrap();
Be careful with origin: '*' when using credentials; browsers block this combination.
You can also configure CORS globally in the main.ts file or per route using decorators.
Use browser DevTools Network tab to check CORS headers and errors when testing.
CORS controls which websites can access your NestJS backend.
Use app.enableCors() to set CORS options simply.
Always specify allowed origins and methods to keep your app secure.