JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 52421
  • Score
    100M100P100Q156319F
  • License MIT

tinyhttp CORS module

Package Exports

  • @tinyhttp/cors

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@tinyhttp/cors) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@tinyhttp/cors

npm GitHub Workflow Status Coverage

A rewrite of expressjs/cors module.

HTTP cors header middleware.

Install

pnpm i @tinyhttp/cors

API

import { cors } from '@tinyhttp/cors'

cors(options)

Returns the CORS middleware with the settings specified in the parameters

Options

  • origin: Can be a string defining the Access-Control-Allow-Origin value, a boolean which if set to true sets the header to '*', a Regex type, an array (for multiple origins) or a function which contains the request and response as parameters and must return the value for the Access-Control-Allow-Origin header
  • methods: Array of method names which define the Access-Control-Allow-Methods header, default to all the most common methods (GET, HEAD, PUT, PATCH, POST, DELETE)
  • allowedHeaders: Configures the Access-Control-Allow-Headers CORS header. Expects an array (ex: ['Content-Type', 'Authorization']).
  • exposedHeaders: Configures the Access-Control-Expose-Headers CORS header. If not specified, no custom headers are exposed
  • credentials: Configures the Access-Control-Allow-Credentials CORS header. Set to true to pass the header, otherwise it is omitted.
  • maxAge: Configures the Access-Control-Max-Age CORS header. Set to an integer to pass the header, otherwise it is omitted.
  • optionsSuccessStatus: Provides a status code to use for successful OPTIONS requests, since some legacy browsers (IE11, various SmartTVs) choke on 204.
  • preflightContinue: Set 204 and finish response if true, call next if false.

The default configuration is:

{
  "origin": "*",
  "methods": ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
  "optionsSuccessStatus": 204,
  "preflightContinue": false
}

Example

import { App } from '@tinyhttp/app'
import { cors } from '@tinyhttp/cors'

const app = new App()

app
  .use(cors({ origin: 'https://myfantastic.site/' }))
  .options('*', cors())
  .get('/', (req, res) => {
    res.send('The headers contained in my response are defined in the cors middleware')
  })
  .listen(3000)