Baroshem · Baroshem · Mar 7, 2023 · Mar 6, 2023
diff --git a/docs/content/2.security/5.cors-handler.md b/docs/content/2.security/5.cors-handler.md
@@ -3,16 +3,12 @@ title: CORS Handler
 description: ''
 ---
 
-::alert{type="info"}
-This functionality will change in the next major release as h3-cors package was merged to core H3 package. The interface will most probably change but a proper migration process is being developed.
-::
-
-This middleware will help you set your CORS options. Based on <https://github.com/NozomuIkuta/h3-cors>
+This middleware will help you set your CORS options and it is based on built in [H3 CORS](https://github.com/unjs/h3) functionality
 
 This middleware will help you solve [this](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) security problem.
 
 ```ts
-export interface CorsOptions {
+export interface H3CorsOptions {
     origin?: '*' | 'null' | (string | RegExp)[] | ((origin: string) => boolean);
     methods?: '*' | HTTPMethod[];
     allowHeaders?: '*' | string[];
@@ -34,7 +30,6 @@ export default defineNuxtConfig({
       value: {
         origin: '*',
         methods: '*',
-
       },
       route: '/my-custom-route'
     }

diff --git a/package.json b/package.json
@@ -45,7 +45,6 @@
     "stackblitz": "cd .stackblitz && yarn && yarn dev"
   },
   "dependencies": {
-    "@nozomuikuta/h3-cors": "^0.1.5",
     "@nuxt/kit": "^3.2.2",
     "basic-auth": "^2.0.1",
     "defu": "^6.1.1",

diff --git a/src/defaultConfig.ts b/src/defaultConfig.ts
@@ -97,7 +97,6 @@ export const defaultSecurityConfig: ModuleOptions = {
     ...defaultMiddlewareRoute,
     ...defaultThrowErrorValue,
   },
-  // TODO: migrate to native H3 CORS and rename this to `cors`
   corsHandler: {
     // Options by CORS middleware for Express https://github.com/expressjs/cors#configuration-options
     value: {

diff --git a/src/module.ts b/src/module.ts
@@ -3,7 +3,7 @@ import { resolve, normalize } from 'pathe'
 import { defineNuxtModule, addServerHandler, installModule } from '@nuxt/kit'
 import defu, { createDefu } from 'defu'
 import { RuntimeConfig } from '@nuxt/schema'
-import { CorsOptions } from '@nozomuikuta/h3-cors'
+import { H3CorsOptions } from 'h3'
 import {
   AllowedHTTPMethods,
   BasicAuth,
@@ -127,13 +127,11 @@ export default defineNuxtModule<ModuleOptions>({
       })
     }
 
-    // TODO: refactor when migrating to H3 native cors support
     // Register corsHandler middleware with default config that will add CORS setup
-    // Based on '@nozomuikuta/h3-cors' package
     const corsHandlerConfig = nuxt.options.security.corsHandler
     if (corsHandlerConfig) {
       addServerHandler({
-        route: (corsHandlerConfig as MiddlewareConfiguration<CorsOptions>)
+        route: (corsHandlerConfig as MiddlewareConfiguration<H3CorsOptions>)
           .route,
         handler: normalize(
           resolve(runtimeDir, 'server/middleware/corsHandler')

diff --git a/src/runtime/server/middleware/corsHandler.ts b/src/runtime/server/middleware/corsHandler.ts
@@ -1,8 +1,8 @@
-// TODO: remove when migrating to native H3 cors functionality
-import { defineEventHandler } from 'h3'
-import { defineCorsEventHandler } from '@nozomuikuta/h3-cors'
+import { defineEventHandler, handleCors } from 'h3'
 import { useRuntimeConfig } from '#imports'
 
 const securityConfig = useRuntimeConfig().security
 
-export default defineEventHandler(defineCorsEventHandler(securityConfig.corsHandler.value))
+export default defineEventHandler((event) => {
+  handleCors(event, securityConfig.corsHandler.value)
+})
diff --git a/src/types.ts b/src/types.ts
@@ -1,5 +1,4 @@
-// TODO: remove when migrating to native H3 cors functionality
-import { CorsOptions } from '@nozomuikuta/h3-cors'
+import { H3CorsOptions } from 'h3'
 import { ModuleOptions as CsrfOptions } from 'nuxt-csurf'
 
 export type RequestSizeLimiter = {
@@ -155,11 +154,7 @@ export interface ModuleOptions {
   requestSizeLimiter: MiddlewareConfiguration<RequestSizeLimiter> | false;
   rateLimiter: MiddlewareConfiguration<RateLimiter> | false;
   xssValidator: MiddlewareConfiguration<XssValidator> | false;
-  /**
-   * @deprecated `h3-cors` package was merged to core H3. Migrate to a new interface and functionality and change the name to `cors`.
-   * This works for now, but will be changed with the next major release.
-   */
-  corsHandler: MiddlewareConfiguration<CorsOptions> | false;
+  corsHandler: MiddlewareConfiguration<H3CorsOptions> | false;
   allowedMethodsRestricter: MiddlewareConfiguration<AllowedHTTPMethods> | false;
   hidePoweredBy: boolean;
   basicAuth: MiddlewareConfiguration<BasicAuth> | boolean;

diff --git a/yarn.lock b/yarn.lock
@@ -761,11 +761,6 @@
     "@nodelib/fs.scandir" "2.1.5"
     fastq "^1.6.0"
 
-"@nozomuikuta/h3-cors@^0.1.5":
-  version "0.1.8"
-  resolved "https://registry.npmjs.org/@nozomuikuta/h3-cors/-/h3-cors-0.1.8.tgz"
-  integrity sha512-qWe2mUfnjxaBwTYKNM/9GrGK0nciyynn5Lk/sv8wYpKbloaoJFB98onBWMTotV5e/l8CCoelsr1oz4qYb7FdHg==
-
 "@nuxt/devalue@^2.0.0":
   version "2.0.0"
   resolved "https://registry.npmjs.org/@nuxt/devalue/-/devalue-2.0.0.tgz"