UNPKG

control-access

Version:

Easy CORS handling

github.com/kevva/control-access

kevva/control-access

102 lines (52 loc) 2.79 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# control-access [![Build Status](https://travis-ci.org/kevva/control-access.svg?branch=master)](https://travis-ci.org/kevva/control-access) > Easy CORS handling ## Install ``` $ npm install control-access ``` ## Usage ```js const controlAccess = require('control-access'); module.exports = (req, res) => { controlAccess()(req, res); res.end('unicorns'); }; ``` ## API ### controlAccess([options])(request, response) #### options Type: `Object` ##### allowCredentials Type: `boolean` [`Access-Control-Allow-Credentials`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials) indicates whether or not the response to the request can be exposed when the credentials flag is true. Can be set globally with the `ACCESS_ALLOW_CREDENTIALS` environment variable. Possible values are `1` and `0`. ##### allowHeaders Type: `Array` `string` [`Access-Control-Allow-Headers`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Can be set globally with the `ACCESS_ALLOW_HEADERS` environment variable using a comma delimited string. ##### allowMethods Type: `Array` `string` [`Access-Control-Allow-Methods`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) specifies the method or methods allowed when accessing the resource. Can be set globally with the `ACCESS_ALLOW_METHODS` environment variable using a comma delimited string. ##### allowOrigin Type: `string` [`Access-Control-Allow-Origin`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) specifies a URI that may access the resource. Can be set globally with the `ACCESS_ALLOW_ORIGIN` environment variable. ##### exposeHeaders Type: `Array` `string` [`Access-Control-Expose-Headers`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) response header indicates which headers can be exposed as part of the response. Can be set globally with the `ACCESS_EXPOSE_HEADERS` environment variable using a comma delimited string. ##### maxAge Type: `number` [`Access-Control-Max-Age`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age) indicates how long the results of a preflight request can be cached. Can be set globally with the `ACCESS_MAX_AGE` environment variable. #### request Type: `http.IncomingMessage` Incoming HTTP request. #### response Type: `http.ServerResponse` Response object. ## Related * [micro-access](https://github.com/kevva/micro-access) - Easy CORS handling for `micro` ## License MIT © [Kevin Mårtensson](https://github.com/kevva)