@schibsted/middy-cors
Version:
Middy middleware for adding CORS headers to success response and errors
67 lines (56 loc) • 1.96 kB
JavaScript
const R = require('ramda');
const getAllowedOrigin = (origin, allowedOrigins) => {
if (R.includes('*', allowedOrigins)) {
return origin;
}
return R.find((allowedOrigin) => allowedOrigin === origin, allowedOrigins);
};
const getCorsHeaders = (
event,
{ allowedOrigins, exposeHeaders, maxAge, credentials, allowMethods, allowHeaders } = {}
) => {
const headers = {};
if (allowedOrigins) {
const origin = getAllowedOrigin(R.path(['headers', 'origin'], event), allowedOrigins);
if (origin) {
headers['access-control-allow-origin'] = origin;
}
}
if (credentials && !R.includes('*', allowedOrigins)) {
headers['access-control-allow-credentials'] = credentials;
}
if (!R.isNil(exposeHeaders) && !R.isEmpty(exposeHeaders)) {
headers['access-control-expose-headers'] = exposeHeaders.join(', ');
}
if (maxAge !== undefined) {
headers['access-control-max-age'] = maxAge;
}
if (!R.isNil(allowMethods) && !R.isEmpty(allowMethods)) {
headers['access-control-allow-methods'] = allowMethods.join(', ');
}
if (!R.isNil(allowHeaders) && !R.isEmpty(allowHeaders)) {
headers['access-control-allow-headers'] = allowHeaders.join(', ');
}
return headers;
};
const corsMiddleware = (opts) => ({
after: async (handler) => {
// eslint-disable-next-line no-param-reassign
handler.response.headers = {
...handler.response.headers,
...getCorsHeaders(handler.event, opts),
};
},
onError: async (handler) => {
// eslint-disable-next-line no-param-reassign
handler.response = R.assocPath(
['headers'],
{
...R.pathOr({}, ['response', 'headers'], handler),
...getCorsHeaders(handler.event, opts),
},
handler.response
);
},
});
module.exports = corsMiddleware;