New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →

itty-cors

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

itty-cors

Simple (and tiny) CORS-handling for any itty-router API. Designed on Cloudflare Workers, but works anywhere.

0.3.4
Source
npm

Version published: 2 years ago

Maintainers: 1

Created: 2 years ago

Source

Build Status

Simple CORS-handling for any itty-router API. Designed on Cloudflare Workers, but works anywhere.

Features

Tiny. Currently ~600 bytes, with zero-dependencies.
Fully Typed/TypeScript
Granular control over allowed methods, origins, etc.
handles OPTIONS preflight requests
response processor (corsify) can be used per-response, or globally downstream

!! Breaking API Changes (pre v1.x)!!

You're using an early-access package. Until itty-cors hits a stable v1.0 release, API changes will be broadcasted as minor version bumps.

v0.3.0 - preflight now MUST be included on the .all channel (all methods), rather than .options alone, to allow for origin-checking.
v0.2.0 - allowOrigins: string has been replaced with origins: string[] to accept an array of origins, and multi-origin support is now correctly implemented.
```
// previously
const { preflight, corsify } = createCors({ allowOrigin: '*' })

// now
const { preflight, corsify } = createCors({ origins: ['*'] })
```

Simple Usage

import { Router } from 'itty-router'
import { error, json, missing } from 'itty-router-extras'
import { createCors } from 'itty-cors'

// create CORS handlers
const { preflight, corsify } = createCors()

const router = Router()

// register v2 API plus all routes
router
  .all('*', preflight)                                  // handle CORS preflight/OPTIONS requests
  .get('/version', () => json({ version: '0.1.0' }))    // GET release version
  .get('/stuff', () => json(['foo', 'bar', 'baz']))     // GET some other random stuff
  .all('*', () => missing('Are you sure about that?'))  // 404 for all else

// CF ES6 module syntax
export default {
  fetch: (...args) => router
                        .handle(...args)
                        .catch(err => error(500, err.stack))
                        .then(corsify) // cors should be applied to error responses as well
}

CORS enabled on a single route (and advanced options)

import { Router } from 'itty-router'
import { error, json, missing } from 'itty-router-extras'
import { createCors } from 'itty-cors'

// create CORS handlers
const { preflight, corsify } = createCors({
  methods: ['GET', 'POST', 'DELETE'], // GET is included by default... omit this if only using GET
  origins: ['*'],                     // defaults to allow all (most common).  Restrict if needed.
  maxAge: 3600,
  headers: {
    'my-custom-header': 'will be injected with each CORS-enabled response',
  },
})

const router = Router()

// register v2 API plus all routes
router
  .all('*', preflight)                                  // handle CORS preflight/OPTIONS requests
  .get('/version', () => corsify(json({ version: '0.1.0' })))  // GET release version (CORS-enabled)
  .get('/stuff', () => json(['foo', 'bar', 'baz']))     // GET some other random stuff (no CORS allowed)
  .all('*', () => missing('Are you sure about that?'))  // 404 for all else

// CF ES6 module syntax
export default {
  fetch: (...args) => router
                        .handle(...args)
                        .catch(err => error(500, err.stack))
}

API

`createCors(options?) => { preflight: function, corsify: function }`

Returns an object with two properties, preflight (a preflight OPTIONS middleware), and corsify (a response-handling function).

Option	Type(s)	Default	Description
origins	`string[]`	`['*']`	By default, all origins are allowed (most common). Modify this to restrict to specific origins.
maxAge	`number`	`3600`	Set the expiry of responses
methods	`string[]`	`['GET']`	Define which methods are allowed. `OPTIONS` will be automatically added.
headers	`object`	`{}`	Add any custom headers to be injected with CORS-enabled responses.

`preflight(request: Request) => Response`

This is the preflight middleware to be injected upstream on options requests.

router.options('*', preflight) // that's it!

`corsify(response: Response) => Response`

This wrapper injects CORS headers into a response, if not already set (upstream). Use this at the end of the router.handle Promise chain to CORS-enable all responses/the entire API, or wrap any response generator (e.g. json() from itty-router-extras) to make a single CORS-enabled response.

Keywords

FAQs

What is itty-cors?

Is itty-cors well maintained?

Package last updated on 23 Oct 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install