Security
Helmet & Cors

Helmet and CORS are enabled by default.

  • helmet - Can help protect your app from some well-known web vulnerabilities by setting HTTP headers appropriately.
  • cors - Cross-origin resource sharing (CORS) is a mechanism that allows resources to be requested from another domain.

Change CORS configuration

const main = async () => {
    const app = await HeronJS.create({ module: AppModule });
    await app.listen({
        port: 3000,
        options: {
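            cors: {
                // '*' lets any origin read responses; list specific origins for non-public APIs
                origin: '*',
                // false: the CORS middleware answers preflight (OPTIONS) requests itself
                preflightContinue: false,
                methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
            },
            helmet: {
                // Sends "Referrer-Policy: no-referrer" on every response
                referrerPolicy: { policy: "no-referrer" }
            }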
        },
    });
};
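
The configuration above sets origin: '*', which lets any site read the API's responses. The following added example (not HeronJS's own code) builds an exact-match origin allowlist in the callback form that the cors npm package accepts. It assumes HeronJS passes options.cors through to that package; the origins and the names buildOriginCheck, normalizeOrigin and decide are illustrative.

```javascript
// Added example, not from the HeronJS docs. Origins below are constructed.
const ALLOWED_ORIGINS = ['https://app.example.com', 'https://admin.example.com'];

// Reduce a value to scheme://host[:port]; return null unless it is a
// well-formed http(s) origin (the literal "null" origin is rejected).
function normalizeOrigin(value) {
    if (typeof value !== 'string') return null;
    let url;
    try {
        url = new URL(value);
    } catch {
        return null;
    }
    if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
    // A real Origin header has no path, query, fragment or credentials.
    if (url.pathname !== '/' || url.search || url.hash) return null;
    if (url.username || url.password) return null;
    return url.origin;
}

// Returns an `origin` callback in the (origin, callback) form of the cors package.
function buildOriginCheck(allowlist) {
    const allowed = new Set(allowlist.map(normalizeOrigin).filter(Boolean));
    return function originCheck(origin, callback) {
        // No Origin header (same-origin or non-browser client): send no CORS headers.
        if (origin === undefined) return callback(null, false);
        const normalized = normalizeOrigin(origin);
        // Exact set membership only: no substring, suffix or regex matching.
        callback(null, normalized !== null && allowed.has(normalized));
    };
}

// Helper for exercising the callback synchronously.
function decide(check, origin) {
    let allow;
    check(origin, (err, value) => { allow = value; });
    return allow;
}

// Assumption: this object is what would go under `options.cors` in app.listen().
const corsOptions = {
    origin: buildOriginCheck(ALLOWED_ORIGINS),
    preflightContinue: false,
    methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
};

console.log(decide(corsOptions.origin, 'https://app.example.com'));
console.log(decide(corsOptions.origin, 'https://app.example.com.attacker.example'));
```

Returning false only omits the CORS response headers; the request still reaches the route handler, so server-side authorization is still required.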