feat(api-server): refactor CORS handling to use new crossOrigin confi…

…guration

packages/api-server/src/api-server-response.ts

@@ -41,12 +41,12 @@ export class NanotronServerResponse {
       'content-type': 'text/plain charset=UTF-8',
     };
 
-    const allowOrigin = this.clientRequest.routeOption?.allowOrigin;
-    if (allowOrigin) {
-      this.headers['access-control-allow-origin'] = allowOrigin.origin;
-      this.headers['access-control-allow-methods'] = allowOrigin.methods;
-      this.headers['access-control-allow-headers'] = allowOrigin.headers;
-      this.headers['access-control-max-age'] = allowOrigin.maxAge;
+    const crossOrigin = this.clientRequest.routeOption?.crossOrigin;
+    if (crossOrigin?.enable === true) {
+      this.headers['access-control-allow-origin'] = crossOrigin.origin;
+      this.headers['access-control-allow-methods'] = crossOrigin.methods;
+      this.headers['access-control-allow-headers'] = crossOrigin.headers;
+      this.headers['access-control-max-age'] = crossOrigin.maxAge;
     }
   }
 

packages/api-server/src/api-server.ts

@@ -62,9 +62,10 @@ export interface NanotronApiServerConfig {
   /**
    * Add OPTIONS route for preflight requests to allow access origins.
    *
-   * @default {origin: '*', methods: '*', headers: '*', maxAge: 86_400}
+   * @default {enable: false, origin: '*', methods: '*', headers: '*', maxAge: 86_400}
    */
-  allowOrigin: {
+  crossOrigin?: {
+    enable: boolean;
     origin: string;
     methods: string;
     headers: string;
@@ -94,7 +95,8 @@ export class NanotronApiServer {
     headersTimeout: 130_000,
     keepAliveTimeout: 120_000,
     healthRoute: true,
-    allowOrigin: {
+    crossOrigin: {
+      enable: false,
       origin: '*',
       methods: '*',
       headers: '*',
@@ -104,7 +106,7 @@ export class NanotronApiServer {
     bodyLimit: 1_048_576, // 1MiB
   };
 
-  readonly config_;
+  readonly config_: Required<NanotronApiServerConfig>;
   protected readonly logger_;
 
   readonly httpServer;
@@ -213,7 +215,7 @@ export class NanotronApiServer {
       preHandlers: [],
       postHandlers: [],
       bodyLimit: this.config_.bodyLimit,
-      allowOrigin: this.config_.allowOrigin,
+      crossOrigin: this.config_.crossOrigin,
       ...option,
     };
     this.logger_.logMethodArgs?.('defineRoute', option_);
@@ -315,25 +317,21 @@ export class NanotronApiServer {
 
   protected defineCorsRoute_(): void {
     this.logger_.logMethod?.('defineCorsRoute_');
-
+    const crossOrigin = this.config_.crossOrigin;
+    if (crossOrigin?.enable !== true) return;
     this.defineRoute({
       method: 'OPTIONS',
       matchType: 'startsWith',
       url: '/',
       handler: function () {
-        const allowOrigin = this.routeOption?.allowOrigin;
-        if (allowOrigin === undefined) return;
-
         const res = this.serverResponse.raw_;
-
         res.writeHead(HttpStatusCodes.Success_204_No_Content, {
-          'access-control-allow-origin': allowOrigin.origin,
-          'access-control-allow-methods': allowOrigin.methods,
-          'access-control-allow-headers': allowOrigin.headers,
-          'access-control-max-age': allowOrigin.maxAge + '',
+          'access-control-allow-origin': crossOrigin.origin,
+          'access-control-allow-methods': crossOrigin.methods,
+          'access-control-allow-headers': crossOrigin.headers,
+          'access-control-max-age': crossOrigin.maxAge + '',
           'content-length': 0,
         });
-
         res.end();
       },
     });

packages/api-server/src/type.ts

@@ -77,7 +77,8 @@ export interface DefineRouteOption<TSharedMeta extends DictionaryOpt = Dictionar
    *
    * @default Api Server Config
    */
-  allowOrigin?: {
+  crossOrigin?: {
+    enable: boolean;
     origin: string;
     methods: string;
     headers: string;