UNPKG

@elysiajs/cors

Version:

Plugin for Elysia that for Cross Origin Requests (CORs)

github.com/elysiajs/elysia-cors

elysiajs/elysia-cors

115 lines (76 loc) 3.02 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# @elysiajs/cors Plugin for [elysia](https://github.com/elysiajs/elysia) that for Cross Origin Requests (CORs) ## Installation ```bash bun add @elysiajs/cors ``` ## Example ```typescript import { Elysia } from 'elysia' import { cors } from '@elysiajs/cors' const app = new Elysia() .use(cors()) .listen(8080) ``` ## Config ### origin @default `true` Assign the **Access-Control-Allow-Origin** header. Value can be one of the following: - `string` - String of origin which will directly assign to `Access-Control-Allow-Origin` - `boolean` - If set to true, `Access-Control-Allow-Origin` will be set to `*` (accept all origin) - `RegExp` - Pattern to use to test with request's url, will accept origin if matched. - `Function` - Custom logic to validate origin acceptance or not. will accept origin if `true` is returned. - Function will accepts `Context` just like `Handler` ```typescript // Example usage app.use(cors, { origin: ({ request, headers }) => true }) // Type Definition type CORSOriginFn = (context: Context) => boolean | void ``` - `Array<string | RegExp | Function>` - Will try to find truthy value of all options above. Will accept Request if one is `true`. ### methods @default `*` Assign **Access-Control-Allow-Methods** header. Value can be one of the following: Accept: - `undefined | null | ''` - Ignore all methods. - `*` - Accept all methods. - `HTTPMethod` - Will be directly set to **Access-Control-Allow-Methods**. - Expects either a single method or a comma-delimited string (eg: 'GET, PUT, POST') - `HTTPMethod[]` - Allow multiple HTTP methods. - eg: ['GET', 'PUT', 'POST'] ### allowedHeaders @default `*` Assign **Access-Control-Allow-Headers** header. Allow incoming request with the specified headers. Value can be one of the following: - `string` - Expects either a single method or a comma-delimited string (eg: 'Content-Type, Authorization'). - `string[]` - Allow multiple HTTP methods. - eg: ['Content-Type', 'Authorization'] ### exposedHeaders @default `*` Assign **Access-Control-Exposed-Headers** header. Return the specified headers to request in CORS mode. Value can be one of the following: - `string` - Expects either a single method or a comma-delimited string (eg: 'Content-Type, 'X-Powered-By'). - `string[]` - Allow multiple HTTP methods. - eg: ['Content-Type', 'X-Powered-By'] ### credentials @default `true` Assign **Access-Control-Allow-Credentials** header. Allow incoming requests to send `credentials` header. - `boolean` - Available if set to `true`. ### maxAge @default `5` Assign **Access-Control-Max-Age** header. Allow incoming requests to send `credentials` header. - `number` - Duration in seconds to indicates how long the results of a preflight request can be cached. ### preflight @default `true` Add `[OPTIONS] /*` handler to handle preflight request which response with `HTTP 204` and CORS hints. - `boolean` - Available if set to `true`.