nestjs allow origin

What is NestJS Allow Origin?

Have you ever encountered an error message saying "Access to XMLHttpRequest has been blocked by CORS policy"? This usually happens when you try to make an AJAX request from a different domain. In order to prevent cross-site scripting attacks, browsers have implemented the Same Origin Policy, which restricts web pages from making requests to a different domain than the one that served the web page.

To bypass this restriction, we need to enable Cross-Origin Resource Sharing (CORS) on the server-side. This is where NestJS Allow Origin comes into play. NestJS provides a built-in middleware called 'CorsMiddleware' that can be used to enable CORS.

How to enable NestJS Allow Origin?

To enable CORS in your NestJS application, you need to do the following:

  1. Import the CorsMiddleware from @nestjs/common package and add it to the AppModule.
  2. Call the .enable() method on the CorsMiddleware instance and pass in an options object with the desired configuration.

Here's an example of how to use the CorsMiddleware:

import { Module, NestModule, MiddlewareConsumer } from '@nestjs/common';
import { AppController } from './app.controller';
import { AppService } from './app.service';
import { CorsMiddleware } from '@nestjs/common';

  imports: [],
  controllers: [AppController],
  providers: [AppService],
export class AppModule implements NestModule {
  configure(consumer: MiddlewareConsumer) {

This code will enable CORS for all routes in your application. You can also configure the CorsMiddleware to allow only specific origins, methods, and headers. Here's an example:

    origin: 'http://localhost:3000',
    preflightContinue: false,
    optionsSuccessStatus: 204,
    credentials: true,

Here, we're allowing requests from http://localhost:3000, and specifying the allowed HTTP methods, as well as some other options.


NestJS Allow Origin is a powerful middleware that can help you bypass the Same Origin Policy and enable CORS in your application. By using NestJS CorsMiddleware, you can easily configure your server to allow requests from any domain or specific domains, and specify which HTTP methods and headers are allowed. With NestJS, you can be sure that your application is secure and compliant with web standards.

Subscribe to The Poor Coder | Algorithm Solutions

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]