hono
Version:
Web framework built on Web Standards
76 lines (75 loc) • 2.22 kB
JavaScript
// src/middleware/cors/index.ts
var cors = (options) => {
const defaults = {
origin: "*",
allowMethods: ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"],
allowHeaders: [],
exposeHeaders: []
};
const opts = {
...defaults,
...options
};
const findAllowOrigin = ((optsOrigin) => {
if (typeof optsOrigin === "string") {
return () => optsOrigin;
} else if (typeof optsOrigin === "function") {
return optsOrigin;
} else {
return (origin) => optsOrigin.includes(origin) ? origin : optsOrigin[0];
}
})(opts.origin);
return async function cors2(c, next) {
function set(key, value) {
c.res.headers.set(key, value);
}
const allowOrigin = findAllowOrigin(c.req.header("origin") || "", c);
if (allowOrigin) {
set("Access-Control-Allow-Origin", allowOrigin);
}
if (opts.origin !== "*") {
const existingVary = c.req.header("Vary");
if (existingVary) {
set("Vary", existingVary);
} else {
set("Vary", "Origin");
}
}
if (opts.credentials) {
set("Access-Control-Allow-Credentials", "true");
}
if (opts.exposeHeaders?.length) {
set("Access-Control-Expose-Headers", opts.exposeHeaders.join(","));
}
if (c.req.method === "OPTIONS") {
if (opts.maxAge != null) {
set("Access-Control-Max-Age", opts.maxAge.toString());
}
if (opts.allowMethods?.length) {
set("Access-Control-Allow-Methods", opts.allowMethods.join(","));
}
let headers = opts.allowHeaders;
if (!headers?.length) {
const requestHeaders = c.req.header("Access-Control-Request-Headers");
if (requestHeaders) {
headers = requestHeaders.split(/\s*,\s*/);
}
}
if (headers?.length) {
set("Access-Control-Allow-Headers", headers.join(","));
c.res.headers.append("Vary", "Access-Control-Request-Headers");
}
c.res.headers.delete("Content-Length");
c.res.headers.delete("Content-Type");
return new Response(null, {
headers: c.res.headers,
status: 204,
statusText: c.res.statusText
});
}
await next();
};
};
export {
cors
};