UNPKG

@worker-tools/middleware/esm/cors.js

Version:

4.32 kBJavaScriptView Raw

1export const ORIGIN = 'Origin';
2export const REQUEST_METHOD = 'Access-Control-Request-Method';
3export const REQUEST_HEADERS = 'Access-Control-Request-Headers';
4export const ALLOW_ORIGIN = 'Access-Control-Allow-Origin';
5export const ALLOW_METHODS = 'Access-Control-Allow-Methods';
6export const ALLOW_HEADERS = 'Access-Control-Allow-Headers';
7export const ALLOW_CREDENTIALS = 'Access-Control-Allow-Credentials';
8export const VARY = 'VARY';
9const SECOND = { unit: 'second', relativeTo: '1970-01-01' };
10const isDuration = (x) => (x === null || x === void 0 ? void 0 : x[Symbol.toStringTag]) === 'Temporal.Duration';
11const toMaxAge = (x) => (isDuration(x) ? x.total(SECOND) : x).toString();
12/**
* A CORS middleware that gives clients exactly the permissions they ask for, unless constrained by the definitions in `options`.
*
* Note that applying this middleware to your routes isn't enough for non-GET requests.
* Pre-flight/OPTIONS routes need to be added manually:
* ```
* router.options('/your/path', anyCORS(), () => noContent())
* router.post('/your/path', anyCORS(), (req, {}) => ok())
* ```
*/
22export const cors = (options = {}) => async (ax) => {
  const x = await ax;
  const req = x.request;
  x.effects.push(res => {
      var _a, _b, _c, _d, _e, _f, _g, _h;
      const optOrigin = typeof options.origin === 'string'
          ? new URL(options.origin)
          : options.origin;
      res.headers.set(ALLOW_ORIGIN, (_b = (_a = optOrigin === null || optOrigin === void 0 ? void 0 : optOrigin.origin) !== null && _a !== void 0 ? _a : req.headers.get(ORIGIN)) !== null && _b !== void 0 ? _b : '*');
      const requestedMethod = req.headers.get(REQUEST_METHOD);
      if (requestedMethod && ((_d = (_c = options.methods) === null || _c === void 0 ? void 0 : _c.includes(requestedMethod)) !== null && _d !== void 0 ? _d : true)) {
          res.headers.append(ALLOW_METHODS, requestedMethod);
      }
      const requestedHeaders = new Set((_f = (_e = req.headers.get(REQUEST_HEADERS)) === null || _e === void 0 ? void 0 : _e.split(',')) === null || _f === void 0 ? void 0 : _f.map(h => h.trim()));
      for (const h of (_h = (_g = options.headers) === null || _g === void 0 ? void 0 : _g.filter(h => requestedHeaders.has(h))) !== null && _h !== void 0 ? _h : requestedHeaders) {
          res.headers.append(ALLOW_HEADERS, h);
      }
      if (options.credentials)
          res.headers.set(ALLOW_CREDENTIALS, 'true');
      if (options.maxAge)
          res.headers.set('Access-Control-Max-Age', toMaxAge(options.maxAge));
      if (!options.origin)
          res.headers.append(VARY, ORIGIN);
      if (!options.methods)
          res.headers.append(VARY, REQUEST_METHOD);
      if (!options.headers)
          res.headers.append(VARY, REQUEST_HEADERS);
      return res;
  });
  return x;
52};
53export { cors as anyCORS };
54/**
* A CORS middleware that only grants the permissions defined via `options`.
*
* Note that applying this middleware to your routes isn't enough for non-GET requests.
* Pre-flight/OPTIONS routes need to be added manually:
* ```
* router.options('/your/path', strictCORS({ ... }), () => noContent())
* router.post('/your/path', strictCORS({ ... }), (req, {}) => ok())
* ```
*/
64export const strictCORS = (options) => async (ax) => {
  const x = await ax;
  const req = x.request;
  x.effects.push(res => {
      const optOrigin = typeof options.origin === 'string'
          ? new URL(options.origin)
          : options.origin;
      res.headers.set(ALLOW_ORIGIN, optOrigin.origin);
      const requestedMethod = req.headers.get(REQUEST_METHOD);
      if (requestedMethod && options.methods.includes(requestedMethod)) {
          for (const m of options.methods) {
              res.headers.append(ALLOW_METHODS, m);
          }
      }
      if (req.headers.get(REQUEST_HEADERS)) {
          for (const h of options.headers) {
              res.headers.append(ALLOW_HEADERS, h);
          }
      }
      if (options.credentials)
          res.headers.set(ALLOW_CREDENTIALS, 'true');
      if (options.maxAge)
          res.headers.set('Access-Control-Max-Age', toMaxAge(options.maxAge));
      return res;
  });
  return x;
90};
91//# sourceMappingURL=cors.js.map
\No newline at end of file

1	`export const ORIGIN = 'Origin';`
2	`export const REQUEST_METHOD = 'Access-Control-Request-Method';`
3	`export const REQUEST_HEADERS = 'Access-Control-Request-Headers';`
4	`export const ALLOW_ORIGIN = 'Access-Control-Allow-Origin';`
5	`export const ALLOW_METHODS = 'Access-Control-Allow-Methods';`
6	`export const ALLOW_HEADERS = 'Access-Control-Allow-Headers';`
7	`export const ALLOW_CREDENTIALS = 'Access-Control-Allow-Credentials';`
8	`export const VARY = 'VARY';`
9	`const SECOND = { unit: 'second', relativeTo: '1970-01-01' };`
10	`const isDuration = (x) => (x === null \|\| x === void 0 ? void 0 : x[Symbol.toStringTag]) === 'Temporal.Duration';`
11	`const toMaxAge = (x) => (isDuration(x) ? x.total(SECOND) : x).toString();`
12	`/**`
13	* A CORS middleware that gives clients exactly the permissions they ask for, unless constrained by the definitions in `options`.
14	`*`
15	`* Note that applying this middleware to your routes isn't enough for non-GET requests.`
16	`* Pre-flight/OPTIONS routes need to be added manually:`
17	* ```
18	`* router.options('/your/path', anyCORS(), () => noContent())`
19	`* router.post('/your/path', anyCORS(), (req, {}) => ok())`
20	* ```
21	`*/`
22	`export const cors = (options = {}) => async (ax) => {`
23	`const x = await ax;`
24	`const req = x.request;`
25	`x.effects.push(res => {`
26	`var _a, _b, _c, _d, _e, _f, _g, _h;`
27	`const optOrigin = typeof options.origin === 'string'`
28	`? new URL(options.origin)`
29	`: options.origin;`
30	`res.headers.set(ALLOW_ORIGIN, (_b = (_a = optOrigin === null \|\| optOrigin === void 0 ? void 0 : optOrigin.origin) !== null && _a !== void 0 ? _a : req.headers.get(ORIGIN)) !== null && _b !== void 0 ? _b : '*');`
31	`const requestedMethod = req.headers.get(REQUEST_METHOD);`
32	`if (requestedMethod && ((_d = (_c = options.methods) === null \|\| _c === void 0 ? void 0 : _c.includes(requestedMethod)) !== null && _d !== void 0 ? _d : true)) {`
33	`res.headers.append(ALLOW_METHODS, requestedMethod);`
34	`}`
35	`const requestedHeaders = new Set((_f = (_e = req.headers.get(REQUEST_HEADERS)) === null \|\| _e === void 0 ? void 0 : _e.split(',')) === null \|\| _f === void 0 ? void 0 : _f.map(h => h.trim()));`
36	`for (const h of (_h = (_g = options.headers) === null \|\| _g === void 0 ? void 0 : _g.filter(h => requestedHeaders.has(h))) !== null && _h !== void 0 ? _h : requestedHeaders) {`
37	`res.headers.append(ALLOW_HEADERS, h);`
38	`}`
39	`if (options.credentials)`
40	`res.headers.set(ALLOW_CREDENTIALS, 'true');`
41	`if (options.maxAge)`
42	`res.headers.set('Access-Control-Max-Age', toMaxAge(options.maxAge));`
43	`if (!options.origin)`
44	`res.headers.append(VARY, ORIGIN);`
45	`if (!options.methods)`
46	`res.headers.append(VARY, REQUEST_METHOD);`
47	`if (!options.headers)`
48	`res.headers.append(VARY, REQUEST_HEADERS);`
49	`return res;`
50	`});`
51	`return x;`
52	`};`
53	`export { cors as anyCORS };`
54	`/**`
55	* A CORS middleware that only grants the permissions defined via `options`.
56	`*`
57	`* Note that applying this middleware to your routes isn't enough for non-GET requests.`
58	`* Pre-flight/OPTIONS routes need to be added manually:`
59	* ```
60	`* router.options('/your/path', strictCORS({ ... }), () => noContent())`
61	`* router.post('/your/path', strictCORS({ ... }), (req, {}) => ok())`
62	* ```
63	`*/`
64	`export const strictCORS = (options) => async (ax) => {`
65	`const x = await ax;`
66	`const req = x.request;`
67	`x.effects.push(res => {`
68	`const optOrigin = typeof options.origin === 'string'`
69	`? new URL(options.origin)`
70	`: options.origin;`
71	`res.headers.set(ALLOW_ORIGIN, optOrigin.origin);`
72	`const requestedMethod = req.headers.get(REQUEST_METHOD);`
73	`if (requestedMethod && options.methods.includes(requestedMethod)) {`
74	`for (const m of options.methods) {`
75	`res.headers.append(ALLOW_METHODS, m);`
76	`}`
77	`}`
78	`if (req.headers.get(REQUEST_HEADERS)) {`
79	`for (const h of options.headers) {`
80	`res.headers.append(ALLOW_HEADERS, h);`
81	`}`
82	`}`
83	`if (options.credentials)`
84	`res.headers.set(ALLOW_CREDENTIALS, 'true');`
85	`if (options.maxAge)`
86	`res.headers.set('Access-Control-Max-Age', toMaxAge(options.maxAge));`
87	`return res;`
88	`});`
89	`return x;`
90	`};`
91	`//# sourceMappingURL=cors.js.map`
\	No newline at end of file