nestjs / swagger

OpenAPI (Swagger) module for Nest framework (node.js) 🌎
https://nestjs.com
MIT License

Add `Access-Control-Allow-Origin` header to JSON and Yaml express endpoints #2258

Closed OisinKyne closed 1 year ago

OisinKyne commented 1 year ago

Is there an existing issue that is already proposing this?

Is your feature request related to a problem? Please describe it

I am trying to link to https://mysite.com/api-json in an OpenAPI explorer like this one, https://redocly.github.io/redoc/; however, this endpoint, represented by this line, doesn't have a permissive CORS header that lets this resource be loaded on another domain.


Describe the solution you'd like

Either an option to set it in the custom options, or that the swagger module would inspect whether the nest/express app it is passed at construction has CORS enabled, and respect that automatically.

A drawback of allowing this or enabling CORS too readily is that other websites might host your API docs that you didn't permit. Hence I don't suggest we hardcode it in, as it is not an ideal default to have on.

Teachability, documentation, adoption, migration strategy

No response

What is the motivation / use case for changing the behavior?

Being able to read the JSON (and Yaml) representations that nestjs/swagger automatically builds for you on other domains and OpenAPI viewers. Opening up easy optionality for what UI you want to use.

kamilmysliwiec commented 1 year ago

AFAIK you can just register a middleware in front of this route (that will handle CORS).

Please, use our Discord channel (support) for such questions. We are using GitHub to track bugs, feature requests, and potential improvements.
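The middleware approach suggested in the reply above, as an added example that is not part of this thread or of the nestjs/swagger code base: an Express-style middleware that sets `Access-Control-Allow-Origin` only on the generated document routes and only for an explicit allowlist of viewer origins, which addresses the drawback raised in the request. The `/api-yaml` path, the allowlist contents and the names `docsCors` and `simulate` are assumptions for illustration.

```javascript
// Assumed document routes (the issue names /api-json; /api-yaml is assumed).
const DOC_PATHS = new Set(['/api-json', '/api-yaml']);
// Assumed allowlist: only the third-party viewers you actually want to support.
const ALLOWED_ORIGINS = new Set(['https://redocly.github.io']);

// Returns a (req, res, next) middleware. Assumed wiring in main.ts:
//   app.use(docsCors());                      // register first
//   SwaggerModule.setup('api', app, document);
function docsCors(allowedOrigins = ALLOWED_ORIGINS, docPaths = DOC_PATHS) {
  return function (req, res, next) {
    // Leave every other route's CORS policy untouched.
    if (!docPaths.has(req.path)) return next();

    // The response now differs per Origin, so shared caches must key on it.
    res.setHeader('Vary', 'Origin');

    const origin = req.headers.origin;
    if (origin && allowedOrigins.has(origin)) {
      // Echo the exact allowlisted origin; never "*" and never a blind reflection.
      res.setHeader('Access-Control-Allow-Origin', origin);
      if (req.method === 'OPTIONS') {
        // Answer a preflight directly; the documents are read-only.
        res.setHeader('Access-Control-Allow-Methods', 'GET');
        res.statusCode = 204;
        return res.end();
      }
    }
    // Unknown origins get no CORS header, so browsers block the cross-origin read.
    next();
  };
}

// Constructed request/response stand-ins so the behaviour can be checked offline.
function simulate(mw, method, path, origin) {
  const out = { headers: {}, status: 200, ended: false, passed: false };
  const req = { method, path, headers: origin ? { origin } : {} };
  const res = {
    setHeader: (k, v) => { out.headers[k] = v; },
    set statusCode(code) { out.status = code; },
    end: () => { out.ended = true; },
  };
  mw(req, res, () => { out.passed = true; });
  return out;
}
```

The middleware only controls which origins a browser lets read the document; the document is still reachable by any direct HTTP client, so it is not an access control for the API description itself.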