@middy/http-cors - npm Package Compare versions

Comparing version 4.1.0 to 4.2.0

index.d.ts

@@ -6,2 +6,3 @@ import middy from '@middy/core'
   credentials?: boolean | string
+  disableBeforePreflightResponse: true
   headers?: string
@@ -8,0 +9,0 @@ methods?: string

index.js

@@ -17,2 +17,3 @@ import { normalizeHttpResponse } from '@middy/util';
 const defaults = {
+    disableBeforePreflightResponse: true,
     getOrigin,
@@ -36,49 +37,18 @@ credentials: undefined,
     };
+    const httpCorsMiddlewareBefore = async (request)=>{
+        if (options.disableBeforePreflightResponse) return;
+        const method = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
+        if (method === 'OPTIONS') {
+            normalizeHttpResponse(request);
+            const headers = {};
+            modifyHeaders(headers, options, request);
+            request.response.headers = headers;
+            request.response.statusCode = 204;
+            return request.response;
+        }
+    };
     const httpCorsMiddlewareAfter = async (request)=>{
         normalizeHttpResponse(request);
         const { headers  } = request.response;
-        const existingHeaders = Object.keys(headers);
-        if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
-            options.credentials = headers['Access-Control-Allow-Credentials'] === 'true';
-        }
-        if (options.credentials) {
-            headers['Access-Control-Allow-Credentials'] = String(options.credentials);
-        }
-        if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) {
-            headers['Access-Control-Allow-Headers'] = options.headers;
-        }
-        if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) {
-            headers['Access-Control-Allow-Methods'] = options.methods;
-        }
-        if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
-            const eventHeaders = request.event.headers ?? {};
-            const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin;
-            headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options);
-        }
-        let vary = options.vary;
-        if (headers['Access-Control-Allow-Origin'] !== '*' && !vary) {
-            vary = 'Origin';
-        }
-        if (vary && !existingHeaders.includes('Vary')) {
-            headers.Vary = vary;
-        }
-        if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) {
-            headers['Access-Control-Expose-Headers'] = options.exposeHeaders;
-        }
-        if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
-            headers['Access-Control-Max-Age'] = String(options.maxAge);
-        }
-        if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) {
-            headers['Access-Control-Request-Headers'] = options.requestHeaders;
-        }
-        if (options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) {
-            headers['Access-Control-Request-Methods'] = options.requestMethods;
-        }
-        const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
-        if (!httpMethod) {
-            throw new Error('[http-cors] Unknown http event format');
-        }
-        if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) {
-            headers['Cache-Control'] = options.cacheControl;
-        }
+        modifyHeaders(headers, options, request);
         request.response.headers = headers;
@@ -91,2 +61,3 @@ };
     return {
+        before: httpCorsMiddlewareBefore,
         after: httpCorsMiddlewareAfter,
@@ -100,2 +71,48 @@ onError: httpCorsMiddlewareOnError
 };
+const modifyHeaders = (headers, options, request)=>{
+    const existingHeaders = Object.keys(headers);
+    if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
+        options.credentials = headers['Access-Control-Allow-Credentials'] === 'true';
+    }
+    if (options.credentials) {
+        headers['Access-Control-Allow-Credentials'] = String(options.credentials);
+    }
+    if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) {
+        headers['Access-Control-Allow-Headers'] = options.headers;
+    }
+    if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) {
+        headers['Access-Control-Allow-Methods'] = options.methods;
+    }
+    if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
+        const eventHeaders = request.event.headers ?? {};
+        const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin;
+        headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options);
+    }
+    let vary = options.vary;
+    if (headers['Access-Control-Allow-Origin'] !== '*' && !vary) {
+        vary = 'Origin';
+    }
+    if (vary && !existingHeaders.includes('Vary')) {
+        headers.Vary = vary;
+    }
+    if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) {
+        headers['Access-Control-Expose-Headers'] = options.exposeHeaders;
+    }
+    if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
+        headers['Access-Control-Max-Age'] = String(options.maxAge);
+    }
+    if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) {
+        headers['Access-Control-Request-Headers'] = options.requestHeaders;
+    }
+    if (options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) {
+        headers['Access-Control-Request-Methods'] = options.requestMethods;
+    }
+    const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
+    if (!httpMethod) {
+        throw new Error('[http-cors] Unknown http event format');
+    }
+    if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) {
+        headers['Cache-Control'] = options.cacheControl;
+    }
+};
 export default httpCorsMiddleware;
@@ -102,0 +119,0 @@

package.json

 {
   "name": "@middy/http-cors",
-  "version": "4.1.0",
+  "version": "4.2.0",
   "description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
@@ -63,9 +63,9 @@ "type": "module",
   "homepage": "https://middy.js.org",
-  "gitHead": "c5abbac9280c3a2f30758188233a7b27367901d1",
+  "gitHead": "438103b15c184995a0a38413f6ed0b8696d13670",
   "dependencies": {
-    "@middy/util": "4.1.0"
+    "@middy/util": "4.2.0"
   },
   "devDependencies": {
-    "@middy/core": "4.1.0"
+    "@middy/core": "4.2.0"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

19968

increased by41.09%

Number of package files

7

increased by16.67%

Lines of code

375

increased by72.02%

Dependency changes

• + Added@middy/util@4.2.0(transitive)

• - Removed@middy/util@4.1.0(transitive)

• Updated@middy/util@4.2.0