@aomex/cors
Advanced tools
Comparing version 0.0.27 to 1.0.0
| # @aomex/cors | ||
| ## 0.0.27 | ||
| ## 1.0.0 | ||
| ### Patch Changes | ||
| ### Minor Changes | ||
| - Updated dependencies [[`59cd3f9`](https://github.com/aomex/aomex/commit/59cd3f98a0b5648a972d6118ba21501130a9ee7e), [`90ca7d5`](https://github.com/aomex/aomex/commit/90ca7d5fc736b523c4fbf7949f64653428dc413c)]: | ||
| - @aomex/web@0.0.29 | ||
| - @aomex/core@0.0.28 | ||
| - [`11103a2`](https://github.com/aomex/aomex/commit/11103a2aff4e081754c56b0ff18fa5130ca252e8) Thanks [@geekact](https://github.com/geekact)! - 重新制作 | ||
| ## 0.0.26 | ||
| ### Patch Changes | ||
| - [`00bafbb`](https://github.com/aomex/aomex/commit/00bafbbac2d32205b63a6bf561fb0a69c38a54bb) Thanks [@geekact](https://github.com/geekact)! - refactor(core): 缓存迁移到新的包@aomex/internal-cache | ||
| - Updated dependencies [[`00bafbb`](https://github.com/aomex/aomex/commit/00bafbbac2d32205b63a6bf561fb0a69c38a54bb), [`8becf8e`](https://github.com/aomex/aomex/commit/8becf8ee5ef86a5909783d0654e536db7be9bf5b), [`0776719`](https://github.com/aomex/aomex/commit/077671963401f1dafb5b03722899452d45df13fc), [`f996bf7`](https://github.com/aomex/aomex/commit/f996bf7e529e7751a5e858c579feed33f5f02d65)]: | ||
| - @aomex/core@0.0.27 | ||
| - @aomex/web@0.0.28 | ||
| ## 0.0.25 | ||
| ### Patch Changes | ||
| - Updated dependencies [[`33c3c61`](https://github.com/aomex/aomex/commit/33c3c614be9f66077f7487350b88d2db854f5fc8), [`fbcea3d`](https://github.com/aomex/aomex/commit/fbcea3d68ff033e6861130c645c8e5ad7336193f)]: | ||
| - @aomex/web@0.0.27 | ||
| - @aomex/core@0.0.26 | ||
| ## 0.0.24 | ||
| ### Patch Changes | ||
| - Updated dependencies [[`5ef2022`](https://github.com/aomex/aomex/commit/5ef202248b4320ff9076fbecb54379055cffb7db), [`8d9e9d8`](https://github.com/aomex/aomex/commit/8d9e9d8ece0bbcc7e1ac685702eacbfdfa145aa9), [`0e6ed2c`](https://github.com/aomex/aomex/commit/0e6ed2c611100dcfaafb6fb41357624ad9f5c67a)]: | ||
| - @aomex/web@0.0.26 | ||
| - @aomex/core@0.0.25 | ||
| ## 0.0.23 | ||
| ### Patch Changes | ||
| - Updated dependencies [[`2ac62fd`](https://github.com/aomex/aomex/commit/2ac62fd28166a1d9dd60b3c6d5a6508a6f9ee82b), [`4258410`](https://github.com/aomex/aomex/commit/42584107ad9f7e34492ae1053fef83aa2d9d747a), [`4177cba`](https://github.com/aomex/aomex/commit/4177cba7877e38120842bd8d287eaed54e4926ca)]: | ||
| - @aomex/core@0.0.24 | ||
| - @aomex/web@0.0.25 | ||
| ## 0.0.22 | ||
| ### Patch Changes | ||
| - Updated dependencies [[`6621e4f`](https://github.com/aomex/aomex/commit/6621e4ff0f3509beeb332a0571a7db9c7d6ca99a), [`7b09277`](https://github.com/aomex/aomex/commit/7b09277136910966f500c8132303c7ddee84340c), [`46c5b72`](https://github.com/aomex/aomex/commit/46c5b72785011fa181767f4c8ea0d0f5008b21ae), [`9c78999`](https://github.com/aomex/aomex/commit/9c78999ebcb2962f30344acfbf6de0733d6fdd41), [`f4b012d`](https://github.com/aomex/aomex/commit/f4b012d98cddb2918479ea05df6c266dd914e53a)]: | ||
| - @aomex/web@0.0.24 | ||
| - @aomex/core@0.0.23 | ||
| ## 0.0.21 | ||
| ### Patch Changes | ||
| - Updated dependencies [[`6f7d706`](https://github.com/aomex/aomex/commit/6f7d7066c23711abdd149eb1c9a293ab8c4284a4), [`e21007a`](https://github.com/aomex/aomex/commit/e21007a82cb8eac73e1f696340bbe986d57dc159), [`e7bf93c`](https://github.com/aomex/aomex/commit/e7bf93cee6896c61d0bf3eb0921151dc6c1bc107), [`e21007a`](https://github.com/aomex/aomex/commit/e21007a82cb8eac73e1f696340bbe986d57dc159), [`818e840`](https://github.com/aomex/aomex/commit/818e840d36c7456a863fc071968b246c123c17f5), [`fb6c72d`](https://github.com/aomex/aomex/commit/fb6c72dbb266be4db92a542afe93dfa5d8c7cd41)]: | ||
| - @aomex/core@0.0.22 | ||
| - @aomex/web@0.0.23 | ||
| - Updated dependencies [[`11103a2`](https://github.com/aomex/aomex/commit/11103a2aff4e081754c56b0ff18fa5130ca252e8)]: | ||
| - @aomex/core@1.0.0 | ||
| - @aomex/web@1.0.0 |
@@ -7,3 +7,3 @@ import { WebContext, WebMiddleware } from '@aomex/web'; | ||
| */ | ||
| origin?: ((ctx: WebContext) => string) | ((ctx: WebContext) => PromiseLike<string>) | string; | ||
| origin?: ((ctx: WebContext) => string | undefined | Promise<string | undefined>) | string; | ||
| /** | ||
@@ -25,3 +25,2 @@ * 设置报头Access-Control-Allow-Methods,表示客户端所要访问的资源允许使用的方法或方法列表。 | ||
| * | ||
| * 我们可以传入更多额外的报头作为补充: | ||
| * | ||
@@ -34,3 +33,3 @@ * ```typescript | ||
| * | ||
| * 更多详细信息请参考[MDN](https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) | ||
| * 更多详细信息请参考[MDN](https://developer.mozilla.org/zh_CN/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) | ||
| */ | ||
@@ -51,11 +50,7 @@ exposeHeaders?: string[] | string; | ||
| */ | ||
| credentials?: ((ctx: WebContext) => boolean) | ((ctx: WebContext) => PromiseLike<boolean>) | boolean; | ||
| credentials?: ((ctx: WebContext) => boolean | Promise<boolean>) | boolean; | ||
| /** | ||
| * 抛出异常时把headers信息附加在`err.header`上。默认值:`true` | ||
| */ | ||
| keepHeadersOnError?: boolean; | ||
| /** | ||
| * 响应头部增加 `Cross-Origin-Opener-Policy` 和 `Cross-Origin-Embedder-Policy` 这两个个报头。默认值:`false` | ||
| * | ||
| * @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer/Planned_changes | ||
| * @see https://developer.mozilla.org/en_US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer/Planned_changes | ||
| */ | ||
@@ -75,2 +70,2 @@ secureContext?: boolean; | ||
| export { CorsOptions, cors }; | ||
| export { type CorsOptions, cors }; |
| // src/index.ts | ||
| import { middleware } from "@aomex/core"; | ||
| var defaults = { | ||
| allowMethods: "GET,HEAD,PUT,POST,DELETE,PATCH", | ||
| secureContext: false | ||
| }; | ||
| import vary from "vary"; | ||
| var cors = (options = {}) => { | ||
| options = { ...defaults, ...options }; | ||
| options = { | ||
| allowMethods: "GET,HEAD,PUT,POST,DELETE,PATCH", | ||
| secureContext: false, | ||
| ...options | ||
| }; | ||
| ["exposeHeaders", "allowMethods", "allowHeaders"].forEach((key) => { | ||
@@ -18,3 +19,2 @@ const value = options[key]; | ||
| } | ||
| options.keepHeadersOnError = options.keepHeadersOnError !== false; | ||
| return middleware.web(async (ctx, next) => { | ||
@@ -24,12 +24,10 @@ const { request, response } = ctx; | ||
| response.vary("Origin"); | ||
| if (!requestOrigin) | ||
| return next(); | ||
| let origin; | ||
| if (typeof options.origin === "function") { | ||
| origin = await options.origin(ctx); | ||
| if (!origin) | ||
| return next(); | ||
| } else { | ||
| origin = options.origin || requestOrigin; | ||
| } | ||
| if (!origin) | ||
| return next(); | ||
| let credentials; | ||
@@ -41,58 +39,13 @@ if (typeof options.credentials === "function") { | ||
| } | ||
| const headersSet = {}; | ||
| function setAndRecordHeader(key, value) { | ||
| response.setHeader(key, value); | ||
| headersSet[key] = value; | ||
| } | ||
| if (request.method !== "OPTIONS") { | ||
| setAndRecordHeader("Access-Control-Allow-Origin", origin); | ||
| credentials && setAndRecordHeader("Access-Control-Allow-Credentials", "true"); | ||
| if (options.exposeHeaders) { | ||
| setAndRecordHeader( | ||
| "Access-Control-Expose-Headers", | ||
| options.exposeHeaders | ||
| ); | ||
| } | ||
| if (options.secureContext) { | ||
| setAndRecordHeader("Cross-Origin-Opener-Policy", "same-origin"); | ||
| setAndRecordHeader("Cross-Origin-Embedder-Policy", "require-corp"); | ||
| } | ||
| if (!options.keepHeadersOnError) | ||
| return next(); | ||
| return next().catch((err) => { | ||
| const errHeadersSet = err.headers || {}; | ||
| const varyWithOrigin = response.varyAppend( | ||
| errHeadersSet["vary"] || errHeadersSet["Vary"] || "", | ||
| "Origin" | ||
| ); | ||
| delete errHeadersSet["Vary"]; | ||
| err.headers = { | ||
| ...errHeadersSet, | ||
| ...headersSet, | ||
| ...{ vary: varyWithOrigin } | ||
| }; | ||
| return Promise.reject(err); | ||
| }); | ||
| } else { | ||
| if (request.method === "OPTIONS") { | ||
| if (!request.headers["access-control-request-method"]) | ||
| return next(); | ||
| response.setHeader("Access-Control-Allow-Origin", origin); | ||
| if (credentials === true) { | ||
| response.setHeader("Access-Control-Allow-Credentials", "true"); | ||
| } | ||
| if (options.maxAge) { | ||
| response.setHeader("Access-Control-Max-Age", options.maxAge); | ||
| } | ||
| if (options.privateNetworkAccess && request.headers["access-control-request-private-network"]) { | ||
| response.setHeader("Access-Control-Allow-Private-Network", "true"); | ||
| } | ||
| if (options.allowMethods) { | ||
| response.setHeader( | ||
| "Access-Control-Allow-Methods", | ||
| options.allowMethods | ||
| ); | ||
| } | ||
| credentials && response.setHeader("Access-Control-Allow-Credentials", "true"); | ||
| options.maxAge && response.setHeader("Access-Control-Max-Age", options.maxAge); | ||
| options.privateNetworkAccess && request.headers["access-control-request-private-network"] && response.setHeader("Access-Control-Allow-Private-Network", "true"); | ||
| options.allowMethods && response.setHeader("Access-Control-Allow-Methods", options.allowMethods); | ||
| if (options.secureContext) { | ||
| setAndRecordHeader("Cross-Origin-Opener-Policy", "same-origin"); | ||
| setAndRecordHeader("Cross-Origin-Embedder-Policy", "require-corp"); | ||
| response.setHeader("Cross-Origin-Opener-Policy", "same-origin"); | ||
| response.setHeader("Cross-Origin-Embedder-Policy", "require-corp"); | ||
| } | ||
@@ -103,4 +56,30 @@ const allowHeaders = options.allowHeaders || request.headers["access-control-request-headers"]; | ||
| } | ||
| ctx.send(204); | ||
| return ctx.send(204); | ||
| } | ||
| const corsHeaders = {}; | ||
| function setAndRecordHeader(key, value) { | ||
| response.setHeader(key, value); | ||
| corsHeaders[key] = value; | ||
| } | ||
| setAndRecordHeader("Access-Control-Allow-Origin", origin); | ||
| credentials && setAndRecordHeader("Access-Control-Allow-Credentials", "true"); | ||
| options.exposeHeaders && setAndRecordHeader("Access-Control-Expose-Headers", options.exposeHeaders); | ||
| if (options.secureContext) { | ||
| setAndRecordHeader("Cross-Origin-Opener-Policy", "same-origin"); | ||
| setAndRecordHeader("Cross-Origin-Embedder-Policy", "require-corp"); | ||
| } | ||
| return next().catch((err) => { | ||
| const errHeaders = err.headers || {}; | ||
| const varyWithOrigin = vary.append( | ||
| errHeaders["vary"] || errHeaders["Vary"] || "", | ||
| "Origin" | ||
| ); | ||
| delete errHeaders["Vary"]; | ||
| err.headers = { | ||
| ...errHeaders, | ||
| ...corsHeaders, | ||
| ...{ vary: varyWithOrigin } | ||
| }; | ||
| return Promise.reject(err); | ||
| }); | ||
| }); | ||
@@ -107,0 +86,0 @@ }; |
| { | ||
| "name": "@aomex/cors", | ||
| "version": "0.0.27", | ||
| "version": "1.0.0", | ||
| "description": "跨站资源共享", | ||
| "keywords": [ | ||
| "cors" | ||
| ], | ||
| "repository": "git@github.com:aomex/aomex.git", | ||
@@ -32,12 +29,14 @@ "homepage": "https://aomex.js.org", | ||
| "peerDependencies": { | ||
| "@aomex/core": "^0.0.28", | ||
| "@aomex/web": "^0.0.29" | ||
| "@aomex/core": "^1.0.0", | ||
| "@aomex/web": "^1.0.0" | ||
| }, | ||
| "devDependencies": { | ||
| "@aomex/core": "^0.0.28", | ||
| "@aomex/web": "^0.0.29" | ||
| "@types/vary": "^1.1.3", | ||
| "@aomex/core": "^1.0.0", | ||
| "@aomex/web": "^1.0.0" | ||
| }, | ||
| "scripts": { | ||
| "test": "vitest" | ||
| } | ||
| "dependencies": { | ||
| "vary": "^1.1.2" | ||
| }, | ||
| "scripts": {} | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Fixed alerts
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Number of low quality alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-20.96%
16951
- Dependency count
- increased by50%
3
- Dev dependency count
- increased by50%
3
- Lines of code
- decreased by-14.77%
150
Dependency changes
+ Addedvary@^1.1.2
+ Added@aomex/core@1.3.0(transitive)
+ Added@aomex/internal-tools@1.3.0(transitive)
+ Added@aomex/web@1.3.0(transitive)
- Removed@aomex/core@0.0.28(transitive)
- Removed@aomex/internal-tools@0.0.27(transitive)
- Removed@aomex/web@0.0.29(transitive)
- Removed@cspotcode/source-map-support@0.8.1(transitive)
- Removed@jridgewell/resolve-uri@3.1.2(transitive)
- Removed@jridgewell/sourcemap-codec@1.4.15(transitive)
- Removed@jridgewell/trace-mapping@0.3.9(transitive)
- Removed@tsconfig/node10@1.0.11(transitive)
- Removed@tsconfig/node12@1.0.11(transitive)
- Removed@tsconfig/node14@1.0.3(transitive)
- Removed@tsconfig/node16@1.0.4(transitive)
- Removedacorn@8.12.0(transitive)
- Removedacorn-walk@8.3.3(transitive)
- Removedarg@4.1.3(transitive)
- Removedchalk@5.3.0(transitive)
- Removedcontent-type@1.0.5(transitive)
- Removedcreate-require@1.1.1(transitive)
- Removeddiff@4.0.2(transitive)
- Removedencodeurl@1.0.2(transitive)
- Removedescape-html@1.0.3(transitive)
- Removedlru-cache@10.3.0(transitive)
- Removedmake-error@1.3.6(transitive)
- Removedts-node@10.9.2(transitive)
- Removedv8-compile-cache-lib@3.0.1(transitive)
- Removedyn@3.1.1(transitive)