Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@middy/http-cors
Advanced tools
@middy/http-cors - npm Package Compare versions
Comparing version 4.1.0 to 4.2.0
@@ -6,2 +6,3 @@ import middy from '@middy/core' | ||
| credentials?: boolean | string | ||
| disableBeforePreflightResponse: true | ||
| headers?: string | ||
@@ -8,0 +9,0 @@ methods?: string |
105
index.js
@@ -17,2 +17,3 @@ import { normalizeHttpResponse } from '@middy/util'; | ||
| const defaults = { | ||
| disableBeforePreflightResponse: true, | ||
| getOrigin, | ||
@@ -36,49 +37,18 @@ credentials: undefined, | ||
| }; | ||
| const httpCorsMiddlewareBefore = async (request)=>{ | ||
| if (options.disableBeforePreflightResponse) return; | ||
| const method = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event); | ||
| if (method === 'OPTIONS') { | ||
| normalizeHttpResponse(request); | ||
| const headers = {}; | ||
| modifyHeaders(headers, options, request); | ||
| request.response.headers = headers; | ||
| request.response.statusCode = 204; | ||
| return request.response; | ||
| } | ||
| }; | ||
| const httpCorsMiddlewareAfter = async (request)=>{ | ||
| normalizeHttpResponse(request); | ||
| const { headers } = request.response; | ||
| const existingHeaders = Object.keys(headers); | ||
| if (existingHeaders.includes('Access-Control-Allow-Credentials')) { | ||
| options.credentials = headers['Access-Control-Allow-Credentials'] === 'true'; | ||
| } | ||
| if (options.credentials) { | ||
| headers['Access-Control-Allow-Credentials'] = String(options.credentials); | ||
| } | ||
| if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) { | ||
| headers['Access-Control-Allow-Headers'] = options.headers; | ||
| } | ||
| if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) { | ||
| headers['Access-Control-Allow-Methods'] = options.methods; | ||
| } | ||
| if (!existingHeaders.includes('Access-Control-Allow-Origin')) { | ||
| const eventHeaders = request.event.headers ?? {}; | ||
| const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin; | ||
| headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options); | ||
| } | ||
| let vary = options.vary; | ||
| if (headers['Access-Control-Allow-Origin'] !== '*' && !vary) { | ||
| vary = 'Origin'; | ||
| } | ||
| if (vary && !existingHeaders.includes('Vary')) { | ||
| headers.Vary = vary; | ||
| } | ||
| if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) { | ||
| headers['Access-Control-Expose-Headers'] = options.exposeHeaders; | ||
| } | ||
| if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) { | ||
| headers['Access-Control-Max-Age'] = String(options.maxAge); | ||
| } | ||
| if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) { | ||
| headers['Access-Control-Request-Headers'] = options.requestHeaders; | ||
| } | ||
| if (options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) { | ||
| headers['Access-Control-Request-Methods'] = options.requestMethods; | ||
| } | ||
| const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event); | ||
| if (!httpMethod) { | ||
| throw new Error('[http-cors] Unknown http event format'); | ||
| } | ||
| if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) { | ||
| headers['Cache-Control'] = options.cacheControl; | ||
| } | ||
| modifyHeaders(headers, options, request); | ||
| request.response.headers = headers; | ||
@@ -91,2 +61,3 @@ }; | ||
| return { | ||
| before: httpCorsMiddlewareBefore, | ||
| after: httpCorsMiddlewareAfter, | ||
@@ -100,2 +71,48 @@ onError: httpCorsMiddlewareOnError | ||
| }; | ||
| const modifyHeaders = (headers, options, request)=>{ | ||
| const existingHeaders = Object.keys(headers); | ||
| if (existingHeaders.includes('Access-Control-Allow-Credentials')) { | ||
| options.credentials = headers['Access-Control-Allow-Credentials'] === 'true'; | ||
| } | ||
| if (options.credentials) { | ||
| headers['Access-Control-Allow-Credentials'] = String(options.credentials); | ||
| } | ||
| if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) { | ||
| headers['Access-Control-Allow-Headers'] = options.headers; | ||
| } | ||
| if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) { | ||
| headers['Access-Control-Allow-Methods'] = options.methods; | ||
| } | ||
| if (!existingHeaders.includes('Access-Control-Allow-Origin')) { | ||
| const eventHeaders = request.event.headers ?? {}; | ||
| const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin; | ||
| headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options); | ||
| } | ||
| let vary = options.vary; | ||
| if (headers['Access-Control-Allow-Origin'] !== '*' && !vary) { | ||
| vary = 'Origin'; | ||
| } | ||
| if (vary && !existingHeaders.includes('Vary')) { | ||
| headers.Vary = vary; | ||
| } | ||
| if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) { | ||
| headers['Access-Control-Expose-Headers'] = options.exposeHeaders; | ||
| } | ||
| if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) { | ||
| headers['Access-Control-Max-Age'] = String(options.maxAge); | ||
| } | ||
| if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) { | ||
| headers['Access-Control-Request-Headers'] = options.requestHeaders; | ||
| } | ||
| if (options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) { | ||
| headers['Access-Control-Request-Methods'] = options.requestMethods; | ||
| } | ||
| const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event); | ||
| if (!httpMethod) { | ||
| throw new Error('[http-cors] Unknown http event format'); | ||
| } | ||
| if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) { | ||
| headers['Cache-Control'] = options.cacheControl; | ||
| } | ||
| }; | ||
| export default httpCorsMiddleware; | ||
@@ -102,0 +119,0 @@ |
| { | ||
| "name": "@middy/http-cors", | ||
| "version": "4.1.0", | ||
| "version": "4.2.0", | ||
| "description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework", | ||
@@ -63,9 +63,9 @@ "type": "module", | ||
| "homepage": "https://middy.js.org", | ||
| "gitHead": "c5abbac9280c3a2f30758188233a7b27367901d1", | ||
| "gitHead": "438103b15c184995a0a38413f6ed0b8696d13670", | ||
| "dependencies": { | ||
| "@middy/util": "4.1.0" | ||
| "@middy/util": "4.2.0" | ||
| }, | ||
| "devDependencies": { | ||
| "@middy/core": "4.1.0" | ||
| "@middy/core": "4.2.0" | ||
| } | ||
| } |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by41.09%
19968
- Number of package files
- increased by16.67%
7
- Lines of code
- increased by72.02%
375
Dependency changes
+ Added@middy/util@4.2.0(transitive)
- Removed@middy/util@4.1.0(transitive)
Updated@middy/util@4.2.0