@tinyhttp/cors - npm Package Compare versions

Comparing version 0.2.0 to 0.2.1

18

dist/index.d.ts

@@ -0,11 +1,15 @@

/// <reference types="node" />
import { IncomingMessage as Request, ServerResponse as Response } from 'http';
export declare const defaultMethods: string[];
export declare const defaultHeaders: string[];
export interface AccessControlOptions {
origin?: string | boolean | ((req: Request, res: Response) => string);
methods?: string[];
allowedHeaders?: string[];
exposedHeaders?: string[];
credentials?: boolean;
maxAge?: number;
optionsSuccessStatus?: number;
}
/**
* CORS Middleware
*/
export declare const cors: ({ host, methods, headers, }: {
host?: string;
methods?: string[];
headers?: string[];
}) => (_req: Request, res: Response, next?: (err?: any) => void) => void;
export declare const cors: ({ origin, methods, allowedHeaders, exposedHeaders, credentials, maxAge, optionsSuccessStatus, }: AccessControlOptions) => (req: Request, res: Response, next?: () => void) => void;
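Review bot: The new signature drops `host` and `headers` in favour of `origin` and `allowedHeaders` with no alias, so a plain-JavaScript caller still passing `cors({ host: 'https://example.com' })` gets no error: the destructuring ignores `host` and `origin` takes its default, which the implementation in this release sets to `'*'`. Either accept `host` and `headers` as deprecated aliases or throw on unrecognised keys, so that a previously restricted policy cannot widen silently on upgrade, and state the default in a doc comment on `AccessControlOptions.origin`. The `next` parameter also loses its `(err?: any)` argument, which is worth calling out for callers typed against the old shape.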

@@ -1,14 +0,35 @@

import { METHODS } from 'http';
import { vary } from 'es-vary';
const defaultMethods = METHODS;
const defaultHeaders = ['Origin', 'X-Requested-With', 'Content-Type'];
/**
* CORS Middleware
*/
const cors = ({ host = '*', methods = defaultMethods, headers = defaultHeaders, }) => {
const prefix = 'Access-Control-Allow';
return (_req, res, next) => {
res.setHeader(`${prefix}-Origin`, host);
res.setHeader(`${prefix}-Headers`, headers.join(', '));
res.setHeader(`${prefix}-Methods`, methods.join(', '));
const cors = ({ origin = '*', methods = ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'], allowedHeaders, exposedHeaders, credentials, maxAge, optionsSuccessStatus = 204, }) => {
return (req, res, next) => {
// Checking the type of the origin property
if (typeof origin === 'boolean' && origin === true)
res.setHeader('Access-Control-Allow-Origin', '*');
else if (typeof origin === 'string')
res.setHeader('Access-Control-Allow-Origin', origin);
else if (typeof origin === 'function')
res.setHeader('Access-Control-Allow-Origin', origin(req, res));
if ((typeof origin === 'string' && origin !== '*') || typeof origin === 'function')
vary(res, 'Origin');
// Setting the Access-Control-Allow-Methods header from the methods array
res.setHeader('Access-Control-Allow-Methods', methods.join(', ').toUpperCase());
// Setting the Access-Control-Allow-Headers header
if (allowedHeaders)
res.setHeader('Access-Control-Allow-Headers', allowedHeaders);
// Setting the Access-Control-Expose-Headers header
if (exposedHeaders)
res.setHeader('Access-Control-Expose-Headers', exposedHeaders);
// Setting the Access-Control-Allow-Credentials header
if (credentials)
res.setHeader('Access-Control-Allow-Credentials', 'true');
// Setting the Access-Control-Max-Age header
if (maxAge)
res.setHeader('Access-Control-Max-Age', maxAge);
if (next === undefined) {
res.statusCode = optionsSuccessStatus;
res.end();
}
next === null || next === void 0 ? void 0 : next();
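Review bot: `credentials` is emitted independently of the origin branch, so `cors({ credentials: true })` with the default `origin = '*'` sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a pair that browsers refuse for credentialed requests. Fail fast on that combination when the middleware is constructed rather than shipping a response that cannot work. The function branch writes whatever `origin(req, res)` returns straight into the header, so its contract should say the callback must match the request origin against an allowlist before returning it, since with `credentials` set that return value decides who can read authenticated responses. Note too that `origin: false` falls through every branch: no Allow-Origin header is set, yet the Methods, Headers and Credentials headers are still written.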

@@ -18,2 +39,2 @@ };

export { cors, defaultHeaders, defaultMethods };
export { cors };
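Review bot: Dropping `defaultHeaders` and `defaultMethods` from the export list is a breaking change, yet the package.json lines that follow move the version only from `0.2.0` to `0.2.1`. Consumers on `^0.2.0` or `~0.2.0` will resolve this release automatically, and because the package is `"type": "module"` an existing `import { defaultMethods } from '@tinyhttp/cors'` will fail when the module is linked. Publish this as `0.3.0`, or keep the two names as deprecated exports for one release.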
{
"name": "@tinyhttp/cors",
"version": "0.2.0",
"version": "0.2.1",
"description": "tinyhttp CORS module",

@@ -34,2 +34,5 @@ "type": "module",

},
"dependencies": {
"es-vary": "^0.0.1"
},
"author": "v1rtl",

@@ -36,0 +39,0 @@ "license": "MIT",

# @tinyhttp/cors
[![npm (scoped)](https://img.shields.io/npm/v/@tinyhttp/cors?style=flat-square)](npmjs.com/package/@tinyhttp/cors) [![npm](https://img.shields.io/npm/dt/@tinyhttp/cors?style=flat-square)](npmjs.com/package/@tinyhttp/cors) [![](https://img.shields.io/badge/website-visit-hotpink?style=flat-square)](https://tinyhttp.v1rtl.site/mw/cors)
[![npm (scoped)](https://img.shields.io/npm/v/@tinyhttp/cors?style=flat-square)](npmjs.com/package/@tinyhttp/cors) [![npm](https://img.shields.io/npm/dt/@tinyhttp/cors?style=flat-square)](npmjs.com/package/@tinyhttp/cors)
> A rewrite of [cors](https://github.com/expressjs/cors) module.
> A rewrite of [expressjs/cors](https://github.com/expressjs/cors) module.
CORS middleware for HTTP servers.
HTTP cors header middleware

@@ -21,16 +21,25 @@ ## Install

### Options
### `cors(options)`
#### `host`
Returns the Cors middleware with the settings specified in the parameters
Host that is allowed to send cross-origin requests. Defaults to `'*'`.
#### Options
- `origin`: Can be a string defining the Access-Control-Allow-Origin value, a boolean which if set to true sets the header to `'*'` or a function which contains the request and response as parameters and must return the value for the Access-Control-Allow-Origin header
- `methods`: Array of method names which define the Access-Control-Allow-Methods header, default to all the most common methods (get, head, put, patch, post, delete)
- `allowedHeaders`: Configures the Access-Control-Allow-Headers CORS header. Expects an array (ex: ['Content-Type', 'Authorization']).
- `exposedHeaders`: Configures the Access-Control-Expose-Headers CORS header. If not specified, no custom headers are exposed
- `credentials`: Configures the Access-Control-Allow-Credentials CORS header. Set to true to pass the header, otherwise it is omitted.
- `maxAge`: Configures the Access-Control-Max-Age CORS header. Set to an integer to pass the header, otherwise it is omitted.
- `optionsSuccessStatus`: Provides a status code to use for successful OPTIONS requests, since some legacy browsers (IE11, various SmartTVs) choke on 204.
#### `methods`
The default configuration is:
Allowed methods for performing a cross-origin request. Default ones are `['GET', 'POST', 'PUT', 'PATCH', 'HEAD']` and can be accessed with `defaultMethods`.
```json
{
"origin": "*",
"methods": ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
"optionsSuccessStatus": 204
}
```
#### `headers`
Allowed HTTP headers that can be sent in a cross-origin request. Default ones are `['Origin', 'X-Requested-With', 'Content-Type']` and can be accessed with `defaultHeaders`.
## Example
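Review bot: The `origin` entry documents the string, `true` and function forms but not `false`, and says nothing about how `origin` interacts with `credentials`. Add that `false` sets no `Access-Control-Allow-Origin` header, that the default `'*'` cannot be used with `credentials: true`, and that a function should return the request origin only after matching it against an allowlist. The `allowedHeaders` entry should also state that no `Access-Control-Allow-Headers` header is sent when the option is omitted, since 0.2.0 always sent `Origin, X-Requested-With, Content-Type`.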

@@ -44,9 +53,10 @@

app
.use(
cors({
host: 'https://example.com'
})
)
.get('/', (_, res) => void res.end('Hello World'))
app.use(cors({ origin: 'https://myfantastic.site/' }))
app.options('*', cors())
app.get('/', (req, res) => {
res.send('The headers contained in my response are defined in the cors middleware')
})
app.listen(8080)
```
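Review bot: The example's `origin: 'https://myfantastic.site/'` ends in a slash, but a browser's `Origin` header carries scheme, host and port with no path, and the `Access-Control-Allow-Origin` value is compared to it exactly, so this configuration would not match any request. Use `'https://myfantastic.site'`. `app.options('*', cors())` is also built with default options, so it writes `Access-Control-Allow-Origin: *` on preflights while the `app.use` line restricts to one origin; pass the same options object to both.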

@@ -56,2 +66,2 @@

MIT © [v1rtl](https://v1rtl.site)
MIT © [BRA1L0R](https://brailor.me/)

@@ -1,11 +0,14 @@

import {
IncomingMessage as Request,
ServerResponse as Response,
METHODS,
} from 'http'
import { IncomingMessage as Request, ServerResponse as Response } from 'http'
import { vary } from 'es-vary'
export const defaultMethods = METHODS
export interface AccessControlOptions {
origin?: string | boolean | ((req: Request, res: Response) => string)
methods?: string[]
allowedHeaders?: string[]
exposedHeaders?: string[]
credentials?: boolean
maxAge?: number
optionsSuccessStatus?: number
}
export const defaultHeaders = ['Origin', 'X-Requested-With', 'Content-Type']
/**
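Review bot: The `origin` callback is typed `(req, res) => string`, which leaves an allowlist function no way to decline: it has to return some string for an origin it does not recognise, and returning `undefined` would reach `res.setHeader`, which throws on an undefined value. Widen the return type to `string | false | undefined` and have the middleware skip the header in that case.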

@@ -15,15 +18,39 @@ * CORS Middleware

export const cors = ({
host = '*',
methods = defaultMethods,
headers = defaultHeaders,
}) => {
const prefix = 'Access-Control-Allow'
origin = '*',
methods = ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'],
allowedHeaders,
exposedHeaders,
credentials,
maxAge,
optionsSuccessStatus = 204,
}: AccessControlOptions) => {
return (req: Request, res: Response, next?: () => void) => {
// Checking the type of the origin property
if (typeof origin === 'boolean' && origin === true) res.setHeader('Access-Control-Allow-Origin', '*')
else if (typeof origin === 'string') res.setHeader('Access-Control-Allow-Origin', origin)
else if (typeof origin === 'function') res.setHeader('Access-Control-Allow-Origin', origin(req, res))
if ((typeof origin === 'string' && origin !== '*') || typeof origin === 'function') vary(res, 'Origin')
return (_req: Request, res: Response, next?: (err?: any) => void) => {
res.setHeader(`${prefix}-Origin`, host)
res.setHeader(`${prefix}-Headers`, headers.join(', '))
res.setHeader(`${prefix}-Methods`, methods.join(', '))
// Setting the Access-Control-Allow-Methods header from the methods array
res.setHeader('Access-Control-Allow-Methods', methods.join(', ').toUpperCase())
// Setting the Access-Control-Allow-Headers header
if (allowedHeaders) res.setHeader('Access-Control-Allow-Headers', allowedHeaders)
// Setting the Access-Control-Expose-Headers header
if (exposedHeaders) res.setHeader('Access-Control-Expose-Headers', exposedHeaders)
// Setting the Access-Control-Allow-Credentials header
if (credentials) res.setHeader('Access-Control-Allow-Credentials', 'true')
// Setting the Access-Control-Max-Age header
if (maxAge) res.setHeader('Access-Control-Max-Age', maxAge)
if (next === undefined) {
res.statusCode = optionsSuccessStatus
res.end()
}
next?.()
}
}
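Review bot: The preflight short-circuit is keyed on `next === undefined` instead of `req.method === 'OPTIONS'`, so when the middleware is mounted in a chain an OPTIONS request is passed on with `optionsSuccessStatus` never applied, and when it is called without `next` every method is ended with that status. Branch on the request method. `if (maxAge)` also drops `maxAge: 0`, which is a legitimate value for disabling preflight caching; test `maxAge !== undefined`. `allowedHeaders` and `exposedHeaders` are passed to `setHeader` as arrays, which Node sends as one header line per element, unlike `methods`, which is joined; join them the same way.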

Sorry, the diff of this file is not supported yet
