nuxt-security
Version:
🛡️ Security Module for Nuxt based on HTTP Headers and Middleware
27 lines (26 loc) • 902 B
JavaScript
import { defineEventHandler, handleCors } from "h3";
import { resolveSecurityRules } from "../../nitro/context/index.js";
export default defineEventHandler((event) => {
const rules = resolveSecurityRules(event);
if (rules.enabled && rules.corsHandler) {
const { corsHandler } = rules;
let origin;
if (typeof corsHandler.origin === "string" && corsHandler.origin !== "*") {
origin = [corsHandler.origin];
} else {
origin = corsHandler.origin;
}
if (origin && origin !== "*" && corsHandler.useRegExp) {
origin = origin.map((o) => new RegExp(o, "i"));
}
handleCors(event, {
origin,
methods: corsHandler.methods,
allowHeaders: corsHandler.allowHeaders,
exposeHeaders: corsHandler.exposeHeaders,
credentials: corsHandler.credentials,
maxAge: corsHandler.maxAge,
preflight: corsHandler.preflight
});
}
});