Giter Club home page Giter Club logo

cors's Introduction

@tinyhttp/cors

npm GitHub Workflow Status Coverage

A rewrite of expressjs/cors module.

HTTP cors header middleware.

Install

pnpm i @tinyhttp/cors

API

import { cors } from '@tinyhttp/cors'

cors(options)

Returns the CORS middleware with the settings specified in the parameters

Options

  • origin: Can be a string defining the Access-Control-Allow-Origin value, a boolean which if set to true sets the header to '*', a Regex type, an array (for multiple origins) or a function which contains the request and response as parameters and must return the value for the Access-Control-Allow-Origin header
  • methods: Array of method names which define the Access-Control-Allow-Methods header, default to all the most common methods (GET, HEAD, PUT, PATCH, POST, DELETE)
  • allowedHeaders: Configures the Access-Control-Allow-Headers CORS header. Expects an array (ex: ['Content-Type', 'Authorization']).
  • exposedHeaders: Configures the Access-Control-Expose-Headers CORS header. If not specified, no custom headers are exposed
  • credentials: Configures the Access-Control-Allow-Credentials CORS header. Set to true to pass the header, otherwise it is omitted.
  • maxAge: Configures the Access-Control-Max-Age CORS header. Set to an integer to pass the header, otherwise it is omitted.
  • optionsSuccessStatus: Provides a status code to use for successful OPTIONS requests, since some legacy browsers (IE11, various SmartTVs) choke on 204.
  • preflightContinue: Set 204 and finish response if true, call next if false.

The default configuration is:

{
  "origin": "*",
  "methods": ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
  "optionsSuccessStatus": 204,
  "preflightContinue": false
}

Example

import { App } from '@tinyhttp/app'
import { cors } from '@tinyhttp/cors'

const app = new App()

app
  .use(cors({ origin: 'https://myfantastic.site/' }))
  .options('*', cors())
  .get('/', (req, res) => {
    res.send('The headers contained in my response are defined in the cors middleware')
  })
  .listen(3000)

cors's People

Contributors

aarontravass avatar lordfirespeed avatar talentlessguy avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

aarontravass lordfirespeed

cors's Issues

Passing `string[]` for `origin` option causes internal server error

As title.

Minimum reproduction:

import { App } from "@tinyhttp/app"
import { cors } from "@tinyhttp/cors"
import { logger } from "@tinyhttp/logger"

const app = new App()

app
  .use(logger())
  .use(cors({
    origin: ["http://localhost:3001"]
  }))
  .listen(3000, () => console.log(`Listening on http://localhost:3000`))

Now, requests to http://localhost:3000 from the origin http://localhost:3001 succeed (404 status) as intended

However, direct requests to http://localhost:3000 fail (500 status on Firefox) because the Origin header is omitted from the request (value of undefined) which means here origin.indexOf(undefined) always returns -1, leading to the rather confusing No other objects allowed. Allowed types is array of strings or RegExp error message

Proposed 'correct' behaviour when origin is a string[]:

  • When the Origin header is excluded, CORS headers need not be attached to the response as the request is not cross-origin
  • When the Origin header is included and present in the origin array, CORS headers should be attached to the response, including an Access-Control-Allow-Origin header whose value matches the value of the request's Origin header
  • When the Origin header is included and not present in the origin array, no Access-Control-Allow-Origin header should be attached to the response

express.js' cors working but tinyhttp's not

Just by commenting "@tinyhttp/cors" and using express.js' cors instead, my application works, but somehow, when I comment express.js' cors to use tinyhttp's, the server starts rejecting everything. I am not using anything but the default .use(cors())

image

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.