-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmiddleware.tsx
58 lines (46 loc) · 1.64 KB
/
middleware.tsx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
import { NextRequest, NextResponse } from "next/server";
// apply authetication by next-auth to entire project.
export { default } from "next-auth/middleware";
// apply next-auth to specific matching route
// Ref: https://nextjs.org/docs/app/building-your-application/routing/middleware#matcher
// export const config = { matcher: ["/dashboard", "/extra"] };
// to allow cross-origin requests
const allowedOrigins = [
"https://acme.com",
"https://my-app.org",
"http://localhost:3000/*",
"https://www.wikipedia.org/*",
"https://www.sciencedirect.com/*",
"https://serpapi.com/*"
];
const corsOptions = {
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
"Access-Control-Allow-Headers": "Content-Type, Authorization",
};
export function middleware(request: NextRequest) {
// Check the origin from the request
const origin = request.headers.get("origin") ?? "";
const isAllowedOrigin = allowedOrigins.includes(origin);
// Handle preflighted requests
const isPreflight = request.method === "OPTIONS";
if (isPreflight) {
const preflightHeaders = {
...(isAllowedOrigin && { "Access-Control-Allow-Origin": origin }),
...corsOptions,
};
return NextResponse.json({}, { headers: preflightHeaders });
}
// Handle simple requests
const response = NextResponse.next();
if (isAllowedOrigin) {
response.headers.set("Access-Control-Allow-Origin", origin);
}
Object.entries(corsOptions).forEach(([key, value]) => {
response.headers.set(key, value);
});
return response;
}
export const config = {
// matcher: "/api/:path*",
matcher: ["/dashboard", "/extra", "/api/:path*", "/:path*"],
};