// middleware.js or src/middleware.js
import { NextResponse } from 'next/server';
// Browser origins permitted to call the API cross-origin. The entry below is a
// placeholder to be replaced with the real front-end origin(s).
// The middleware compares the Origin request header against this list with
// Array.prototype.includes, i.e. exact string equality, so each entry must be
// written as scheme://host[:port] with no trailing slash and no path.
const allowedOrigins = [
  'https://www.your-allowed-domain.com',
];
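/**
 * Origin allowlist check and CORS response headers for the matched routes.
 *
 * - Origin header present and not in `allowedOrigins`: empty 403 response.
 * - Origin header present and allowed: the request continues and the origin is
 *   echoed back in Access-Control-Allow-Origin.
 * - No Origin header: the request continues without Access-Control-Allow-Origin.
 *
 * This is a browser cross-origin policy, not authentication. The Origin header
 * is supplied by the client and requests without it are let through, so the
 * API routes still need their own authentication and authorization.
 *
 * NOTE(review): OPTIONS preflights are forwarded to the route like any other
 * request; confirm the /api handlers answer OPTIONS, otherwise browsers will
 * fail the preflight.
 *
 * @param {Request} request - Incoming request; only `request.headers` is read.
 * @returns {Response} A 403 response, or the pass-through response with CORS headers.
 */
export function middleware(request) {
  const origin = request.headers.get('origin');
  // Client-controlled value: keep this out of production logs or treat the log as untrusted.
  console.log('Request Origin:', origin); // Optional: log the origin for debugging

  // Evaluate the allowlist once; an absent or empty Origin is neither allowed nor rejected.
  const hasOrigin = Boolean(origin);
  const isAllowedOrigin = hasOrigin && allowedOrigins.includes(origin);

  if (hasOrigin && !isAllowedOrigin) {
    return new NextResponse(null, {
      status: 403,
      statusText: "Forbidden",
      headers: {
        'Content-Type': 'text/plain',
        // The outcome depends on Origin, so a shared cache must not reuse it across origins.
        'Vary': 'Origin',
      },
    });
  }

  const response = NextResponse.next();
  if (isAllowedOrigin) {
    response.headers.set('Access-Control-Allow-Origin', origin);
  }
  // Access-Control-Allow-Origin is set per request origin; without Vary: Origin a cache
  // could serve one origin's response (or the header-less one) to another origin.
  response.headers.append('Vary', 'Origin');
  response.headers.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
  response.headers.set('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  response.headers.set('Access-Control-Max-Age', '86400'); // Browsers may cache the preflight result for 24 hours
  return response;
}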
/**
 * Route filter for the middleware: `/api/:path*` limits it to paths under /api.
 * Paths outside this matcher do not go through the origin check above.
 * Kept as a plain literal on purpose.
 */
export const config = { matcher: '/api/:path*' };