@marblejs/middleware-cors
A CORS middleware for Marble.js

Installation

1
yarn add @marblejs/middleware-cors
Copied!
Requires @marblejs/core to be installed.

Importing

1
import { cors$ } from '@marblejs/middleware-cors';
Copied!

Type declaration

1
cors$ :: CORSOptions -> HttpMiddlewareEffect
Copied!

Parameters

parameter
definition
options
<optional> CORSOptions
CORSOptions
parameter
definition
origin
<optional> string | string[] | RegExp
methods
<optional> HttpMethod[]
optionsSuccessStatus
<optional> HttpStatus
allowHeaders
<optional> string | string[]
exposeHeaders
<optional> string[]
withCredentials
<optional> boolean
maxAge
<optional> number
This object allows you to configure CORS headers with various options. Both methods and exposeHeaders support wildcard. By default options are configured as following.
1
{
2
origin: '*',
3
methods: ['HEAD', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
4
withCredentials: false,
5
optionsSuccessStatus: HttpStatus.NO_CONTENT, // 204
6
}
Copied!
Note that provided options are merged with default options so you need to overwrite each default parameter you want to customize.

Basic usage

1
import { httpListener } from '@marblejs/core';
2
import { cors$ } from '@marblejs/middleware-cors';
3
4
export const listener = httpListener({
5
middlewares: [
6
cors$({
7
origin: '*',
8
allowHeaders: '*',
9
methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
10
})
11
],
12
effects: [/* ... */],
13
});
Copied!
For security purpose it's better to be strict as possible when configuring CORS options.

Strict usage

1
import { httpListener } from '@marblejs/core';
2
import { cors$ } from '@marblejs/middleware-cors';
3
4
export const listener = httpListener({
5
middlewares: [
6
cors$({
7
origin: ['http://example1.com', 'http://example2.com'],
8
allowHeaders: ['Origin', 'Authorization', 'Content-Type'],
9
methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
10
})
11
],
12
effects: [/* ... */],
13
});
Copied!
Headers notation is case insensitive. content-type will also work.
Last modified 1yr ago