Comments (9)
For anyone else coming to this issue, I had some real trouble getting koa/cors & koa-router to play nicely.
In the end I did something like this:
router.all('/mypath', cors({
origin: (ctx) => {
const requestOrigin = ctx.get('Origin');
if (someKindOfTest(requestOrigin)) {
return requestOrigin;
}
return '';
},
allowMethods: 'GET,OPTIONS'
}));
Note the use of all()
which lets koa-router accept pre-flight OPTIONS
calls. If you use...use()
you encounter these open issues with koa-router v7: https://github.com/ZijianHe/koa-router/labels/always%20call%20middleware.
Don't forget to add OPTIONS
to allowMethods
too.
As an aside; in an example in the test file for koa/cors
you return false
instead of an empty string to indicate that the origin is not allowed. But I'm writing TypeScript and because of the later call to ctx.set()
which requires a string as a second argument (the value of the header), it shouldn't really be returning false
(it's also not allowed by @types/koa__cors
). I appreciate that's a strict typing issue, but I think it would be beneficial to have some clarification in the README as to what the expected return value of the origin function should be.
from cors.
@jalada worked for me and saved me a bunch of time, really appreciate it.
from cors.
Should be possible, since this is just middleware.
Note that CORS requests use the HTTP OPTIONS* method instead of GET, so it may not work if you only bind it to GET.
from cors.
Curiously, the issue solved one I created fake route for the OPTIONS http verb, for the same route that was failing before. I need to investigate why
Anyway, thanks for your configmation
from cors.
@develmts Whoops, of course it was OPTIONS, not HEAD. 🙁
from cors.
But supposedly the koa-router should manage this automatically with the router.allowedMethods(), true?
from cors.
@develmts I don't think so. You're explicitly telling it to only use GET. I'd probably submit a bug report if it listens to OPTIONS without me allowing that.
from cors.
As per koa-router Github Home
router.allowedMethods([options]) ⇒ function
Returns separate middleware for responding to OPTIONS requests with an Allow header containing the
allowed methods, as well as responding with 405 Method Not Allowed and 501 Not Implemented as
appropriate.
from cors.
@develmts Interesting, thanks.
from cors.
Related Issues (20)
- Bump npm latest version to 2
- npm audit reveals security vulnerabilities
- GMT koa deprecated Support for generators will be removed in v3. See the documentation for examples of how to convert old middleware https://github.com/koajs/koa/blob/master/docs/migration.md at server\index.js:6:5 HOT 3
- Docs: Installation modify HOT 1
- Header not set on error response HOT 2
- How to set CORS of static resources HOT 2
- should preflight request return 204 instead of 404 when origin not match?
- documentation missing: needs to be used before router HOT 1
- allowHeaders doesn't support functions? HOT 2
- Does this still maintains ?
- Integrate with @types/koa__cors
- How to set multiple domains ? HOT 2
- How to resolve socket cors HOT 1
- https://github.com/koajs/cors/blob/master/index.js#L138
- Access-Control-Request-Private-Network HOT 2
- Should default options allow null origin?
- Allow not returning any access control headers if the Origin is not allowed to access the resource HOT 1
- Overly permissive origin policy HOT 2
- The default CORS configuration poses a security risk. HOT 3
- Access-Control-Allow-Origin set to '*' even when 'Origin' is supplied HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cors.