middleware-cors
yarn add @marblejs/middleware-cors
Requires @marblejs/core to be installed.
import { cors$ } from '@marblejs/middleware-cors';
cors$ :: CORSOptions -> HttpMiddlewareEffect
parameter | definition |
options | <optional> |
CORSOptions
parameter | definition |
origin | <optional> |
methods | <optional> |
optionsSuccessStatus | <optional> |
allowHeaders | <optional> |
exposeHeaders | <optional> |
withCredentials | <optional> |
maxAge | <optional> |
This object allows you to configure CORS headers with various options. Both methods and exposeHeaders support wildcard. By default options are configured as following.
{origin: '*',methods: ['HEAD', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],withCredentials: false,optionsSuccessStatus: HttpStatus.NO_CONTENT, // 204}
Note that provided options are merged with default options so you need to overwrite each default parameter you want to customize.
import { httpListener } from '@marblejs/core';import { cors$ } from '@marblejs/middleware-cors';export const listener = httpListener({middlewares: [cors$({origin: '*',allowHeaders: '*',methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],})],effects: [/* ... */],});
For security purpose it's better to be strict as possible when configuring CORS options.
import { httpListener } from '@marblejs/core';import { cors$ } from '@marblejs/middleware-cors';export const listener = httpListener({middlewares: [cors$({origin: ['http://example1.com', 'http://example2.com'],allowHeaders: ['Origin', 'Authorization', 'Content-Type'],methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],})],effects: [/* ... */],});
Headers notation is case insensitive. content-type will also work.
