
koa-cors


koa-cors - npm Package Compare versions

Comparing version 0.0.15 to 0.0.16

.jshintrc

92

index.js

@@ -0,31 +1,53 @@

'use strict';
/**
* CORS middleware
*
* @param {Object} [settings]
* @return {Function}
* @param {Object} [options]
* @return {GeneratorFunction}
* @api public
*/
module.exports = function(settings) {
"use strict";
module.exports = function getMiddleware(options) {
options = options || {};
var defaults = {
origin: function(req) {
return req.header.origin || '*';
},
origin: true,
methods: 'GET,HEAD,PUT,POST,DELETE'
};
return function* cors(next) {
// Set defaults
for (var key in defaults) {
if (!options.hasOwnProperty(key)) {
options[key] = defaults[key];
}
}
/**
* Set options
*
* @type {Object}
*/
var options = settings || defaults;
// Set expose
if (Array.isArray(options.expose)) {
options.expose = options.expose.join(',');
}
// Set maxAge
if (typeof options.maxAge === 'number') {
options.maxAge = options.maxAge.toString();
} else {
options.maxAge = null;
}
// Set methods
if (Array.isArray(options.methods)) {
options.methods = options.methods.join(',');
}
// Set headers
if (Array.isArray(options.headers)) {
options.headers = options.headers.join(',');
}
return function* cors(next) {
/**
* Access Control Allow Origin
*/
if (options.origin === false) return;
var origin;

@@ -35,6 +57,8 @@

origin = options.origin;
} else if (options.origin === true) {
origin = this.get('origin') || '*';
} else if (options.origin === false) {
origin = options.origin;
} else if (typeof options.origin === 'function') {
origin = options.origin(this.request);
} else {
origin = defaults.origin(this.request);
}

@@ -50,8 +74,3 @@

if (options.expose) {
if (options.expose.join) {
options.expose = options.expose.join(',');
}
if (options.expose.length) {
this.set('Access-Control-Expose-Headers', options.expose);
}
this.set('Access-Control-Expose-Headers', options.expose);
}

@@ -62,4 +81,3 @@

*/
options.maxAge = options.maxAge && options.maxAge.toString();
if (options.maxAge && options.maxAge.length) {
if (options.maxAge) {
this.set('Access-Control-Max-Age', options.maxAge);

@@ -78,7 +96,2 @@ }

*/
if (typeof options.methods === 'undefined') {
options.methods = defaults.methods;
} else if (options.methods.join) {
options.methods = options.methods.join(',');
}
this.set('Access-Control-Allow-Methods', options.methods);

@@ -89,9 +102,12 @@

*/
if (!options.headers) {
options.headers = this.header['access-control-request-headers'];
} else if (options.headers.join) {
options.headers = options.headers.join(',');
var headers;
if (options.headers) {
headers = options.headers;
} else {
headers = this.get('access-control-request-headers');
}
if (options.headers && options.headers.length) {
this.set('Access-Control-Allow-Headers', options.headers);
if (headers) {
this.set('Access-Control-Allow-Headers', headers);
}

@@ -107,5 +123,3 @@

}
};
};
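Review bot: With the default now `origin: true`, every caller that passes no `origin` takes the branch `origin = this.get('origin') || '*'`, so the middleware echoes whatever `Origin` header the request carries. If the application also sets `credentials: true`, any site can read authenticated responses, a grant browsers would refuse for a literal `*`. I would document this at the default with `// reflects any request Origin; with credentials enabled pass a fixed string or an allowlist function instead`, and consider declining to reflect when `options.credentials` is set. A reflected origin also needs a `Vary: Origin` response header so shared caches do not reuse one origin's response for another; the hunks shown do not include that line, so confirm whether it is already set. The generator body continues outside these hunks.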
{
"name": "koa-cors",
"version": "0.0.15",
"version": "0.0.16",
"description": "CORS middleware for Koa",
"main": "index.js",
"scripts": {
"test": "npm test"
"test": "mocha --harmony test"
},

@@ -25,7 +25,7 @@ "repository": {

"devDependencies": {
"koa": "^0.6.1",
"chai": "^1.9.1",
"mocha": "^1.19.0",
"superagent": "^0.18.0"
"koa": "^0.18.0",
"chai": "^2.0.0",
"mocha": "^2.1.0",
"superagent": "^0.21.0"
}
}

@@ -34,21 +34,42 @@ koa-cors

### origin
Configures the **Access-Control-Allow-Origin** CORS header. Expects a string (ex: http://example.com). Set to `true` to reflect the [request origin](http://tools.ietf.org/html/draft-abarth-origin-09), as defined by `req.header('Origin')`. Set to `false` to disable CORS. Can also be set to a function, which takes the request as the first parameter.
Configures the **Access-Control-Allow-Origin** CORS header. Expects a string
(ex: http://example.com). Set to `true` to reflect the
[request origin](http://tools.ietf.org/html/draft-abarth-origin-09), as defined
by `req.header('Origin')`. Set to `false` to disable CORS. Can also be set to a
function, which takes the request as the first parameter.
### expose
Configures the **Access-Control-Expose-Headers** CORS header. Expects a comma-delimited string (ex: 'WWW-Authenticate,Server-Authorization') or an array (ex: `['WWW-Authenticate', 'Server-Authorization]`). Set this to pass the header, otherwise it is omitted.
Configures the **Access-Control-Expose-Headers** CORS header. Expects a
comma-delimited string (ex: 'WWW-Authenticate,Server-Authorization') or an array
(ex: `['WWW-Authenticate', 'Server-Authorization]`). Set this to pass the
header, otherwise it is omitted.
### maxAge
Configures the **Access-Control-Max-Age** CORS header. Set to an integer to pass the header, otherwise it is omitted.
Configures the **Access-Control-Max-Age** CORS header. Set to an integer to pass
the header, otherwise it is omitted.
### credentials
Configures the **Access-Control-Allow-Credentials** CORS header. Set to `true` to pass the header, otherwise it is omitted.
Configures the **Access-Control-Allow-Credentials** CORS header. Set to `true`
to pass the header, otherwise it is omitted.
### methods
Configures the **Access-Control-Allow-Methods** CORS header. Expects a comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: `['GET', 'PUT', 'POST']`).
Configures the **Access-Control-Allow-Methods** CORS header. Expects a
comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: `['GET', 'PUT',
'POST']`).
### headers
Configures the **Access-Control-Allow-Headers** CORS header. Expects a comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex: `['Content-Type', 'Authorization']`). If not specified, defaults to reflecting the headers specified in the request's **Access-Control-Request-Headers** header.
Configures the **Access-Control-Allow-Headers** CORS header. Expects a
comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex:
`['Content-Type', 'Authorization]`). If not specified, defaults to reflecting
the headers specified in the request's **Access-Control-Request-Headers**
header.
For details on the effect of each CORS header, [read this article on HTML5 Rocks](http://www.html5rocks.com/en/tutorials/cors/).
For details on the effect of each CORS header,
[read this article on HTML5 Rocks](http://www.html5rocks.com/en/tutorials/cors/).

@@ -60,4 +81,1 @@

## Author
[Everton Yoshitani](https://github.com/evert0n) ([everton@notreve.com](mailto:everton@notreve.com))

@@ -105,2 +105,16 @@ var koa = require('koa');

it('should not fix value of "Access-Control-Allow-Headers"', function(done) {
superagent.get('http://localhost:3000')
.set('Access-Control-Request-Headers', 'X-Foo')
.end(function() {
superagent.get('http://localhost:3000')
.set('Access-Control-Request-Headers', 'X-Bar')
.end(function(response) {
chai.expect(response.get('Access-Control-Allow-Headers')).to.equal('X-Bar');
done();
});
});
});
});

@@ -107,0 +121,0 @@
