form-cors v1.0.2

form-cors

form-cors is a node.js package designed to protect cross domain attacks form HTTP form request, since form request doesn't make JavaScript same origin policy works. You can see here for more information.

This package is a Nest.js middleware(may also works with Express), but it's simple since it just blocks any request with req.header('content-type') === 'application/x-www-form-urlencoded'. This maybe aggressive, but you can use configuration like a allowList though.

• Installation
• Usage
• Configuration Options
• License
• Author

Installation

You can install the package from npm registry. Installation is done using command npm install :

$ npm install form-cors

Usage

Within your Nest.js main.ts, import and use this module like the example below:

import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import formCors from 'form-cors';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.use(formCors());
  
  await app.listen(3000);
}

bootstrap();

Hint! This module doesn't block JavaScript cross domain requests! So you should always also set a cors protection.

Configuration Options

• allowList: Array of domains that can be excluded from the protection, example: ['https://my.domain.com']
• exception: An Exception will be thrown if a client sends a form post. Usually you should set a Nestjs Exception like new NotAcceptableException() from @nestjs/common.

with configuration, here's a simple snippet:

app.use(formCors({
  allowList: ['https://my.domain.com'],
  exception: new NotAcceptableException('This request is not allowed.'),
}));

License

MIT License

Author

Casimir Crystal (casimir.crystal.blue@outlook.com)