fix(rsbuild-plugin): detect server.cors option to check waring (#3754)

Author: 2heal1

.changeset/nervous-cougars-heal.md

@@ -0,0 +1,5 @@
+---
+'@module-federation/rsbuild-plugin': patch
+---
+
+fix(rsbuild-plugin): detect server.cors option to check waring

packages/rsbuild-plugin/package.json

@@ -44,7 +44,7 @@
     "@module-federation/enhanced": "workspace:*"
   },
   "devDependencies": {
-    "@rsbuild/core": "^1.0.19"
+    "@rsbuild/core": "^1.3.17"
   },
   "peerDependencies": {
     "@rsbuild/core": "1.x"

packages/rsbuild-plugin/src/cli/index.ts

@@ -182,15 +182,18 @@ export const pluginModuleFederation = (
         // Allow remote modules to be loaded by setting CORS headers
         // This is required for MF to work properly across different origins
         config.server.headers ||= {};
-        if (!config.server.headers['Access-Control-Allow-Origin']) {
+        if (
+          !config.server.headers['Access-Control-Allow-Origin'] &&
+          !config.server.cors
+        ) {
           const corsWarnMsgs = [
-            'Detect devServer.headers is empty, mf modern plugin will add default cors header: devServer.headers["Access-Control-Allow-Headers"] = "*". It is recommended to specify an allowlist of trusted origins instead.',
+            'Detect that CORS options are not set, mf Rsbuild plugin will add default cors header: server.headers["Access-Control-Allow-Headers"] = "*". It is recommended to specify an allowlist of trusted origins in "server.cors" instead.',
             'View https://module-federation.io/guide/troubleshooting/other.html#cors-warn for more details.',
           ];
 
           logger.warn(corsWarnMsgs.join('\n'));
+          config.server.headers['Access-Control-Allow-Origin'] = '*';
         }
-        config.server.headers['Access-Control-Allow-Origin'] ||= '*';
 
         // For remote modules, Rsbuild should send the ws request to the provider's dev server.
         // This allows the provider to do HMR when the provider module is loaded in the consumer's page.