Middy CORS middleware

Middy logo

CORS middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda

npm version npm install size GitHub Actions CI status badge
Standard Code Style Known Vulnerabilities Language grade: JavaScript Core Infrastructure Initiative (CII) Best Practices
Chat on Gitter Ask questions on StackOverflow

You can read the documentation at: https://middy.js.org/docs/middlewares/http-cors

This middleware sets HTTP CORS headers (`Access-Control-Allow-Origin`, `Access-Control-Allow-Headers`, `Access-Control-Allow-Credentials`), necessary for making cross-origin requests, to the response object. Sets headers in `after` and `onError` phases. ## Install To install this middleware you can use NPM: ```bash npm install --save @middy/http-cors ``` ## Options - `credentials` (boolean) (default `undefined`): if true, sets `Access-Control-Allow-Credentials` - `headers` (string) (default `undefined`): value to put in `Access-Control-Allow-Headers` - `methods` (string) (default `undefined`): value to put in `Access-Control-Allow-Methods` - `getOrigin` (function(incomingOrigin:string, options)): take full control of the generating the returned origin. Defaults to using the origin or origins option. - `origin` (string) (default `'*'`): origin to put in the header - `origins` (array) (default `[]`): An array of allowed origins. The incoming origin is matched against the list and is returned if present. - `exposeHeaders` (string) (default `undefined`): value to put in `Access-Control-Expose-Headers` - `maxAge` (string) (default `undefined`): value to put in `Access-Control-Max-Age` header - `requestHeaders` (string) (default `undefined`): value to put in `Access-Control-Request-Headers` - `requestMethods` (string) (default `undefined`): value to put in `Access-Control-Request-Methods` - `cacheControl` (string) (default `undefined`): value to put in `Cache-Control header` on pre-flight (OPTIONS) requests - `vary` (string) (default `undefined`): value to put in `Vary`, will set to `Origin` if `Access-Control-Allow-Origin` is not `*` and option unset. ```javascript import middy from '@middy/core' import httpErrorHandler from '@middy/http-error-handler' import cors from '@middy/http-cors' const handler = middy((event, context) => { throw new createError.UnprocessableEntity() }) handler.use(httpErrorHandler()) .use(cors()) // when Lambda runs the handler... handler({}, {}, (_, response) => { t.is(response.headers['Access-Control-Allow-Origin'],'*') t.deepEqual(response,{ statusCode: 422, body: 'Unprocessable Entity' }) }) ``` ## Sample usage ```javascript import middy from '@middy/core' import cors from '@middy/http-cors' const handler = middy((event, context) => { return {} }) handler.use(cors()) // when Lambda runs the handler... handler({}, {}, (_, response) => { t.is(response.headers['Access-Control-Allow-Origin'],'*') }) ``` ## Middy documentation and examples For more documentation and examples, refers to the main [Middy monorepo on GitHub](https://github.com/middyjs/middy) or [Middy official website](https://middy.js.org). ## Contributing Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/middyjs/middy/issues) or to [submit Pull Requests](https://github.com/middyjs/middy/pulls). ## License Licensed under [MIT License](LICENSE). Copyright (c) 2017-2022 [Luciano Mammino](https://github.com/lmammino), [will Farrell](https://github.com/willfarrell), and the [Middy team](https://github.com/middyjs/middy/graphs/contributors). FOSSA Status