New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →

@elysiajs/cors

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@elysiajs/cors

Plugin for Elysia that for Cross Origin Requests (CORs)

1.2.0
latest
Source
npm

Version published: 2 months ago

Weekly downloads: 30K; increased by3.81%

Maintainers: 0

Weekly downloads

Created: 2 years ago

Source

@elysiajs/cors

Plugin for elysia that for Cross Origin Requests (CORs)

Installation

bun add @elysiajs/cors

Example

import { Elysia } from 'elysia'
import { cors } from '@elysiajs/cors'

const app = new Elysia()
    .use(cors())
    .listen(8080)

Config

origin

@default true

Assign the Access-Control-Allow-Origin header.

Value can be one of the following:

string - String of origin which will directly assign to Access-Control-Allow-Origin
boolean - If set to true, Access-Control-Allow-Origin will be set to * (accept all origin)
RegExp - Pattern to use to test with request's url, will accept origin if matched.

Function - Custom logic to validate origin acceptance or not. will accept origin if true is returned.

Function will accepts Context just like Handler

// Example usage
app.use(cors, {
    origin: ({ request, headers }) => true
})

// Type Definition
type CORSOriginFn = (context: Context) => boolean | void

Array<string | RegExp | Function> - Will try to find truthy value of all options above. Will accept Request if one is true.

methods

@default *

Assign Access-Control-Allow-Methods header.

Value can be one of the following: Accept:

undefined | null | '' - Ignore all methods.
* - Accept all methods.
HTTPMethod - Will be directly set to Access-Control-Allow-Methods.
- Expects either a single method or a comma-delimited string (eg: 'GET, PUT, POST')
HTTPMethod[] - Allow multiple HTTP methods.
- eg: ['GET', 'PUT', 'POST']

allowedHeaders

@default *

Assign Access-Control-Allow-Headers header.

Allow incoming request with the specified headers.

Value can be one of the following:

string
- Expects either a single method or a comma-delimited string (eg: 'Content-Type, Authorization').
string[] - Allow multiple HTTP methods.
- eg: ['Content-Type', 'Authorization']

exposedHeaders

@default *

Assign Access-Control-Exposed-Headers header.

Return the specified headers to request in CORS mode.

Value can be one of the following:

string
- Expects either a single method or a comma-delimited string (eg: 'Content-Type, 'X-Powered-By').
string[] - Allow multiple HTTP methods.
- eg: ['Content-Type', 'X-Powered-By']

credentials

@default true

Assign Access-Control-Allow-Credentials header.

Allow incoming requests to send credentials header.

boolean - Available if set to true.

maxAge

@default 5

Assign Access-Control-Max-Age header.

Allow incoming requests to send credentials header.

number - Duration in seconds to indicates how long the results of a preflight request can be cached.

preflight

@default true

Add [OPTIONS] /* handler to handle preflight request which response with HTTP 204 and CORS hints.

boolean - Available if set to true.

Keywords

FAQs

What is @elysiajs/cors?

Is @elysiajs/cors popular?

Is @elysiajs/cors well maintained?

Package last updated on 23 Dec 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install