Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
104 lines (79 sloc) 2.38 KB
description
A CORS middleware for Marble.js

middleware-cors

Installation

$ npm i @marblejs/middleware-cors

Requires @marblejs/core to be installed.

Importing

import { cors$ } from '@marblejs/middleware-cors';

Type declaration

cors$ :: CORSOptions -> HttpMiddlewareEffect

Parameters

parameter definition
options <optional> CORSOptions

CORSOptions

parameter definition
origin <optional> `string
methods <optional> HttpMethod[]
optionsSuccessStatus <optional> HttpStatus
allowHeaders <optional> `string
exposeHeaders <optional> string[]
withCredentials <optional> boolean
maxAge <optional> number

This object allows you to configure CORS headers with various options. Both methods and exposeHeaders support wildcard. By default options are configured as following.

{ 
  origin: '*',
  methods: ['HEAD', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
  withCredentials: false,
  optionsSuccessStatus: HttpStatus.NO_CONTENT, // 204
}

Note that provided options are merged with default options so you need to overwrite each default parameter you want to customize.

Basic usage

{% code-tabs %} {% code-tabs-item title="app.ts" %}

import { cors$ } from '@marblejs/middleware-cors';

export default httpListener({
  middlewares: [
    cors$({
      origin: '*',
      allowHeaders: '*',
      methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
    })
  ],
  effects: [/* ... */],
});

{% endcode-tabs-item %} {% endcode-tabs %}

For security purpose it's better to be strict as possible when configuring CORS options.

Strict usage

{% code-tabs %} {% code-tabs-item title="app.ts" %}

import { cors$ } from '@marblejs/middleware-cors';

export default httpListener({
  middlewares: [
    cors$({
      origin: ['http://example1.com', 'http://example2.com'],
      allowHeaders: ['Origin', 'Authorization', 'Content-Type'],
      methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
    })
  ],
  effects: [/* ... */],
});

{% endcode-tabs-item %} {% endcode-tabs %}

Headers notation is case insensitive. content-type will also work.

You can’t perform that action at this time.