Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
restify-cors-middleware2
Advanced tools
Readme
CORS middleware with full W3C spec support.
$ npm install restify-cors-middleware2 --save
const corsMiddleware = require('restify-cors-middleware2')
const cors = corsMiddleware({
preflightMaxAge: 5, //Optional
origins: ['http://api.myapp.com', 'http://web.myapp.com'],
allowHeaders: ['API-Token'],
exposeHeaders: ['API-Token-Expiry']
})
server.pre(cors.preflight)
server.use(cors.actual)
You can specify the full list of domains and subdomains allowed in your application, using strings or regular expressions.
origins: [
'http://myapp.com',
'http://*.myapp.com',
/^https?:\/\/myapp.com(:[\d]+)?$/
]
For added security, this middleware sets Access-Control-Allow-Origin
to the origin that matched, not the configured wildcard.
This means callers won't know about other domains that are supported.
Setting origins: ['*']
is also valid, although it comes with obvious security implications. Note that it will still return a customised response (matching Origin), so any caching layer (reverse proxy or CDN) will grow in size accordingly.
By default, credentials are not allowed for the *
origin. This can be
overridden with the allowCredentialsAllOrigins
option.
As per the spec, requests without an Origin
will not receive any CORS headers. Requests with a matching Origin
will receive the appropriate response headers. Always be careful that any reverse proxies (e.g. Varnish) vary their cache depending on the origin, so you don't serve CORS headers to the wrong request.
See unit tests for examples of preflight and actual requests.
A basic declaration file has been added (thanks to Dane Horak), but we don't use TypeScript locally, so we have not validated it. Let us know if there is more that can be added.
FAQs
CORS middleware with full W3C spec support
The npm package restify-cors-middleware2 receives a total of 6,765 weekly downloads. As such, restify-cors-middleware2 popularity was classified as popular.
We found that restify-cors-middleware2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.