@aomex/cors
Advanced tools
Comparing version 0.0.27 to 1.0.0
# @aomex/cors | ||
## 0.0.27 | ||
## 1.0.0 | ||
### Patch Changes | ||
### Minor Changes | ||
- Updated dependencies [[`59cd3f9`](https://github.com/aomex/aomex/commit/59cd3f98a0b5648a972d6118ba21501130a9ee7e), [`90ca7d5`](https://github.com/aomex/aomex/commit/90ca7d5fc736b523c4fbf7949f64653428dc413c)]: | ||
- @aomex/web@0.0.29 | ||
- @aomex/core@0.0.28 | ||
- [`11103a2`](https://github.com/aomex/aomex/commit/11103a2aff4e081754c56b0ff18fa5130ca252e8) Thanks [@geekact](https://github.com/geekact)! - 重新制作 | ||
## 0.0.26 | ||
### Patch Changes | ||
- [`00bafbb`](https://github.com/aomex/aomex/commit/00bafbbac2d32205b63a6bf561fb0a69c38a54bb) Thanks [@geekact](https://github.com/geekact)! - refactor(core): 缓存迁移到新的包@aomex/internal-cache | ||
- Updated dependencies [[`00bafbb`](https://github.com/aomex/aomex/commit/00bafbbac2d32205b63a6bf561fb0a69c38a54bb), [`8becf8e`](https://github.com/aomex/aomex/commit/8becf8ee5ef86a5909783d0654e536db7be9bf5b), [`0776719`](https://github.com/aomex/aomex/commit/077671963401f1dafb5b03722899452d45df13fc), [`f996bf7`](https://github.com/aomex/aomex/commit/f996bf7e529e7751a5e858c579feed33f5f02d65)]: | ||
- @aomex/core@0.0.27 | ||
- @aomex/web@0.0.28 | ||
## 0.0.25 | ||
### Patch Changes | ||
- Updated dependencies [[`33c3c61`](https://github.com/aomex/aomex/commit/33c3c614be9f66077f7487350b88d2db854f5fc8), [`fbcea3d`](https://github.com/aomex/aomex/commit/fbcea3d68ff033e6861130c645c8e5ad7336193f)]: | ||
- @aomex/web@0.0.27 | ||
- @aomex/core@0.0.26 | ||
## 0.0.24 | ||
### Patch Changes | ||
- Updated dependencies [[`5ef2022`](https://github.com/aomex/aomex/commit/5ef202248b4320ff9076fbecb54379055cffb7db), [`8d9e9d8`](https://github.com/aomex/aomex/commit/8d9e9d8ece0bbcc7e1ac685702eacbfdfa145aa9), [`0e6ed2c`](https://github.com/aomex/aomex/commit/0e6ed2c611100dcfaafb6fb41357624ad9f5c67a)]: | ||
- @aomex/web@0.0.26 | ||
- @aomex/core@0.0.25 | ||
## 0.0.23 | ||
### Patch Changes | ||
- Updated dependencies [[`2ac62fd`](https://github.com/aomex/aomex/commit/2ac62fd28166a1d9dd60b3c6d5a6508a6f9ee82b), [`4258410`](https://github.com/aomex/aomex/commit/42584107ad9f7e34492ae1053fef83aa2d9d747a), [`4177cba`](https://github.com/aomex/aomex/commit/4177cba7877e38120842bd8d287eaed54e4926ca)]: | ||
- @aomex/core@0.0.24 | ||
- @aomex/web@0.0.25 | ||
## 0.0.22 | ||
### Patch Changes | ||
- Updated dependencies [[`6621e4f`](https://github.com/aomex/aomex/commit/6621e4ff0f3509beeb332a0571a7db9c7d6ca99a), [`7b09277`](https://github.com/aomex/aomex/commit/7b09277136910966f500c8132303c7ddee84340c), [`46c5b72`](https://github.com/aomex/aomex/commit/46c5b72785011fa181767f4c8ea0d0f5008b21ae), [`9c78999`](https://github.com/aomex/aomex/commit/9c78999ebcb2962f30344acfbf6de0733d6fdd41), [`f4b012d`](https://github.com/aomex/aomex/commit/f4b012d98cddb2918479ea05df6c266dd914e53a)]: | ||
- @aomex/web@0.0.24 | ||
- @aomex/core@0.0.23 | ||
## 0.0.21 | ||
### Patch Changes | ||
- Updated dependencies [[`6f7d706`](https://github.com/aomex/aomex/commit/6f7d7066c23711abdd149eb1c9a293ab8c4284a4), [`e21007a`](https://github.com/aomex/aomex/commit/e21007a82cb8eac73e1f696340bbe986d57dc159), [`e7bf93c`](https://github.com/aomex/aomex/commit/e7bf93cee6896c61d0bf3eb0921151dc6c1bc107), [`e21007a`](https://github.com/aomex/aomex/commit/e21007a82cb8eac73e1f696340bbe986d57dc159), [`818e840`](https://github.com/aomex/aomex/commit/818e840d36c7456a863fc071968b246c123c17f5), [`fb6c72d`](https://github.com/aomex/aomex/commit/fb6c72dbb266be4db92a542afe93dfa5d8c7cd41)]: | ||
- @aomex/core@0.0.22 | ||
- @aomex/web@0.0.23 | ||
- Updated dependencies [[`11103a2`](https://github.com/aomex/aomex/commit/11103a2aff4e081754c56b0ff18fa5130ca252e8)]: | ||
- @aomex/core@1.0.0 | ||
- @aomex/web@1.0.0 |
@@ -7,3 +7,3 @@ import { WebContext, WebMiddleware } from '@aomex/web'; | ||
*/ | ||
origin?: ((ctx: WebContext) => string) | ((ctx: WebContext) => PromiseLike<string>) | string; | ||
origin?: ((ctx: WebContext) => string | undefined | Promise<string | undefined>) | string; | ||
/** | ||
@@ -25,3 +25,2 @@ * 设置报头Access-Control-Allow-Methods,表示客户端所要访问的资源允许使用的方法或方法列表。 | ||
* | ||
* 我们可以传入更多额外的报头作为补充: | ||
* | ||
@@ -34,3 +33,3 @@ * ```typescript | ||
* | ||
* 更多详细信息请参考[MDN](https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) | ||
* 更多详细信息请参考[MDN](https://developer.mozilla.org/zh_CN/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) | ||
*/ | ||
@@ -51,11 +50,7 @@ exposeHeaders?: string[] | string; | ||
*/ | ||
credentials?: ((ctx: WebContext) => boolean) | ((ctx: WebContext) => PromiseLike<boolean>) | boolean; | ||
credentials?: ((ctx: WebContext) => boolean | Promise<boolean>) | boolean; | ||
/** | ||
* 抛出异常时把headers信息附加在`err.header`上。默认值:`true` | ||
*/ | ||
keepHeadersOnError?: boolean; | ||
/** | ||
* 响应头部增加 `Cross-Origin-Opener-Policy` 和 `Cross-Origin-Embedder-Policy` 这两个个报头。默认值:`false` | ||
* | ||
* @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer/Planned_changes | ||
* @see https://developer.mozilla.org/en_US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer/Planned_changes | ||
*/ | ||
@@ -75,2 +70,2 @@ secureContext?: boolean; | ||
export { CorsOptions, cors }; | ||
export { type CorsOptions, cors }; |
// src/index.ts | ||
import { middleware } from "@aomex/core"; | ||
var defaults = { | ||
allowMethods: "GET,HEAD,PUT,POST,DELETE,PATCH", | ||
secureContext: false | ||
}; | ||
import vary from "vary"; | ||
var cors = (options = {}) => { | ||
options = { ...defaults, ...options }; | ||
options = { | ||
allowMethods: "GET,HEAD,PUT,POST,DELETE,PATCH", | ||
secureContext: false, | ||
...options | ||
}; | ||
["exposeHeaders", "allowMethods", "allowHeaders"].forEach((key) => { | ||
@@ -18,3 +19,2 @@ const value = options[key]; | ||
} | ||
options.keepHeadersOnError = options.keepHeadersOnError !== false; | ||
return middleware.web(async (ctx, next) => { | ||
@@ -24,12 +24,10 @@ const { request, response } = ctx; | ||
response.vary("Origin"); | ||
if (!requestOrigin) | ||
return next(); | ||
let origin; | ||
if (typeof options.origin === "function") { | ||
origin = await options.origin(ctx); | ||
if (!origin) | ||
return next(); | ||
} else { | ||
origin = options.origin || requestOrigin; | ||
} | ||
if (!origin) | ||
return next(); | ||
let credentials; | ||
@@ -41,58 +39,13 @@ if (typeof options.credentials === "function") { | ||
} | ||
const headersSet = {}; | ||
function setAndRecordHeader(key, value) { | ||
response.setHeader(key, value); | ||
headersSet[key] = value; | ||
} | ||
if (request.method !== "OPTIONS") { | ||
setAndRecordHeader("Access-Control-Allow-Origin", origin); | ||
credentials && setAndRecordHeader("Access-Control-Allow-Credentials", "true"); | ||
if (options.exposeHeaders) { | ||
setAndRecordHeader( | ||
"Access-Control-Expose-Headers", | ||
options.exposeHeaders | ||
); | ||
} | ||
if (options.secureContext) { | ||
setAndRecordHeader("Cross-Origin-Opener-Policy", "same-origin"); | ||
setAndRecordHeader("Cross-Origin-Embedder-Policy", "require-corp"); | ||
} | ||
if (!options.keepHeadersOnError) | ||
return next(); | ||
return next().catch((err) => { | ||
const errHeadersSet = err.headers || {}; | ||
const varyWithOrigin = response.varyAppend( | ||
errHeadersSet["vary"] || errHeadersSet["Vary"] || "", | ||
"Origin" | ||
); | ||
delete errHeadersSet["Vary"]; | ||
err.headers = { | ||
...errHeadersSet, | ||
...headersSet, | ||
...{ vary: varyWithOrigin } | ||
}; | ||
return Promise.reject(err); | ||
}); | ||
} else { | ||
if (request.method === "OPTIONS") { | ||
if (!request.headers["access-control-request-method"]) | ||
return next(); | ||
response.setHeader("Access-Control-Allow-Origin", origin); | ||
if (credentials === true) { | ||
response.setHeader("Access-Control-Allow-Credentials", "true"); | ||
} | ||
if (options.maxAge) { | ||
response.setHeader("Access-Control-Max-Age", options.maxAge); | ||
} | ||
if (options.privateNetworkAccess && request.headers["access-control-request-private-network"]) { | ||
response.setHeader("Access-Control-Allow-Private-Network", "true"); | ||
} | ||
if (options.allowMethods) { | ||
response.setHeader( | ||
"Access-Control-Allow-Methods", | ||
options.allowMethods | ||
); | ||
} | ||
credentials && response.setHeader("Access-Control-Allow-Credentials", "true"); | ||
options.maxAge && response.setHeader("Access-Control-Max-Age", options.maxAge); | ||
options.privateNetworkAccess && request.headers["access-control-request-private-network"] && response.setHeader("Access-Control-Allow-Private-Network", "true"); | ||
options.allowMethods && response.setHeader("Access-Control-Allow-Methods", options.allowMethods); | ||
if (options.secureContext) { | ||
setAndRecordHeader("Cross-Origin-Opener-Policy", "same-origin"); | ||
setAndRecordHeader("Cross-Origin-Embedder-Policy", "require-corp"); | ||
response.setHeader("Cross-Origin-Opener-Policy", "same-origin"); | ||
response.setHeader("Cross-Origin-Embedder-Policy", "require-corp"); | ||
} | ||
@@ -103,4 +56,30 @@ const allowHeaders = options.allowHeaders || request.headers["access-control-request-headers"]; | ||
} | ||
ctx.send(204); | ||
return ctx.send(204); | ||
} | ||
const corsHeaders = {}; | ||
function setAndRecordHeader(key, value) { | ||
response.setHeader(key, value); | ||
corsHeaders[key] = value; | ||
} | ||
setAndRecordHeader("Access-Control-Allow-Origin", origin); | ||
credentials && setAndRecordHeader("Access-Control-Allow-Credentials", "true"); | ||
options.exposeHeaders && setAndRecordHeader("Access-Control-Expose-Headers", options.exposeHeaders); | ||
if (options.secureContext) { | ||
setAndRecordHeader("Cross-Origin-Opener-Policy", "same-origin"); | ||
setAndRecordHeader("Cross-Origin-Embedder-Policy", "require-corp"); | ||
} | ||
return next().catch((err) => { | ||
const errHeaders = err.headers || {}; | ||
const varyWithOrigin = vary.append( | ||
errHeaders["vary"] || errHeaders["Vary"] || "", | ||
"Origin" | ||
); | ||
delete errHeaders["Vary"]; | ||
err.headers = { | ||
...errHeaders, | ||
...corsHeaders, | ||
...{ vary: varyWithOrigin } | ||
}; | ||
return Promise.reject(err); | ||
}); | ||
}); | ||
@@ -107,0 +86,0 @@ }; |
{ | ||
"name": "@aomex/cors", | ||
"version": "0.0.27", | ||
"version": "1.0.0", | ||
"description": "跨站资源共享", | ||
"keywords": [ | ||
"cors" | ||
], | ||
"repository": "git@github.com:aomex/aomex.git", | ||
@@ -32,12 +29,14 @@ "homepage": "https://aomex.js.org", | ||
"peerDependencies": { | ||
"@aomex/core": "^0.0.28", | ||
"@aomex/web": "^0.0.29" | ||
"@aomex/core": "^1.0.0", | ||
"@aomex/web": "^1.0.0" | ||
}, | ||
"devDependencies": { | ||
"@aomex/core": "^0.0.28", | ||
"@aomex/web": "^0.0.29" | ||
"@types/vary": "^1.1.3", | ||
"@aomex/core": "^1.0.0", | ||
"@aomex/web": "^1.0.0" | ||
}, | ||
"scripts": { | ||
"test": "vitest" | ||
} | ||
"dependencies": { | ||
"vary": "^1.1.2" | ||
}, | ||
"scripts": {} | ||
} |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
0
16951
3
3
150
+ Addedvary@^1.1.2
+ Added@aomex/core@1.3.0(transitive)
+ Added@aomex/internal-tools@1.3.0(transitive)
+ Added@aomex/web@1.3.0(transitive)
- Removed@aomex/core@0.0.28(transitive)
- Removed@aomex/internal-tools@0.0.27(transitive)
- Removed@aomex/web@0.0.29(transitive)
- Removed@cspotcode/source-map-support@0.8.1(transitive)
- Removed@jridgewell/resolve-uri@3.1.2(transitive)
- Removed@jridgewell/sourcemap-codec@1.4.15(transitive)
- Removed@jridgewell/trace-mapping@0.3.9(transitive)
- Removed@tsconfig/node10@1.0.11(transitive)
- Removed@tsconfig/node12@1.0.11(transitive)
- Removed@tsconfig/node14@1.0.3(transitive)
- Removed@tsconfig/node16@1.0.4(transitive)
- Removedacorn@8.12.0(transitive)
- Removedacorn-walk@8.3.3(transitive)
- Removedarg@4.1.3(transitive)
- Removedchalk@5.3.0(transitive)
- Removedcontent-type@1.0.5(transitive)
- Removedcreate-require@1.1.1(transitive)
- Removeddiff@4.0.2(transitive)
- Removedencodeurl@1.0.2(transitive)
- Removedescape-html@1.0.3(transitive)
- Removedlru-cache@10.3.0(transitive)
- Removedmake-error@1.3.6(transitive)
- Removedts-node@10.9.2(transitive)
- Removedv8-compile-cache-lib@3.0.1(transitive)
- Removedyn@3.1.1(transitive)