Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/idiocc/cors

Cross-Origin Resource Sharing (CORS) For Goa.
https://github.com/idiocc/cors

cors goa idio

Last synced: 11 months ago
JSON representation

Cross-Origin Resource Sharing (CORS) For Goa.

Awesome Lists containing this project

README 

          
# @goa/cors



[![npm version](https://badge.fury.io/js/%40goa%2Fcors.svg)](https://www.npmjs.com/package/@goa/cors)



`@goa/cors` is Cross-Origin Resource Sharing ([CORS](https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS)) For Goa.



```sh

yarn add @goa/cors

```



## Table Of Contents



- [Table Of Contents](#table-of-contents)

- [API](#api)

- [`cors(config=: !CorsConfig): !Middleware`](#corsconfig-corsconfig-middleware)

  * [`CorsConfig`](#type-corsconfig)

- [Usage Events](#usage-events)

- [Copyright & License](#copyright--license)





  




## API



The package is available by importing its default function:



```js

import cors from '@goa/cors'

```





  




## cors(
  `config=: !CorsConfig,`
): !Middleware

Cross-Origin Resource Sharing (CORS) For Goa.



 - config !CorsConfig (optional): The config.



__`CorsConfig`__: Options for the program.



 

  Name

  Type & Description

  Default

 

 

  origin

  (string | function(!Context))

  -

 

 

 

  

   Access-Control-Allow-Origin header, default is taken from the Origin request header.

  

 

 

  allowMethods

  (string | !Array<string>)

  GET,HEAD,PUT,POST,DELETE,PATCH

 

 

 

  

   Access-Control-Allow-Methods header.

  

 

 

  exposeHeaders

  (string | !Array<string>)

  -

 

 

 

  

   Access-Control-Expose-Headers header.

  

 

 

  allowHeaders

  (string | !Array<string>)

  -

 

 

 

  

   Access-Control-Allow-Headers header.

  

 

 

  maxAge

  (string | number)

  -

 

 

 

  

   Access-Control-Max-Age header in seconds.

  

 

 

  credentials

  boolean

  false

 

 

 

  

   Access-Control-Max-Age header in seconds.

  

 

 

  keepHeadersOnError

  boolean

  true

 

 

 

  

   Add set headers to err.header if an error is thrown.

  

 



There are 3 main use cases:



**1. Accept any origin form the client**



```js

import Goa from '@goa/koa'

import { aqt } from 'rqt'

import cors from '@goa/cors'



const goa = new Goa()

goa.use(cors())



goa.listen(async function() {

  const { port } = this.address()

  const url = `http://localhost:${port}`



  // 1. accept origin from the host

  const { headers } = await aqt(url, {

    headers: {

      origin: 'www.example.com',

    },

  })

  console.log(headers)

  this.close()

})

```

```js

{ vary: 'Origin',

  'access-control-allow-origin': 'www.example.com',

  'content-type': 'text/plain; charset=utf-8',

  'content-length': '9',

  date: 'Thu, 09 Jan 2020 14:43:05 GMT',

  connection: 'close' }

```



**2. Send out only specific origin**



```js

import Goa from '@goa/koa'

import { aqt } from 'rqt'

import cors from '@goa/cors'



const goa = new Goa()

goa.use(cors({

  origin: 'www.hello-world.com',

}))



goa.listen(async function() {

  const { port } = this.address()

  const url = `http://localhost:${port}`



  // 2. only serve specific origin

  const { headers } = await aqt(url, {

    headers: {

      origin: 'www.example.com',

    },

  })

  console.log(headers)

  this.close()

})

```

```js

{ vary: 'Origin',

  'access-control-allow-origin': 'www.hello-world.com',

  'content-type': 'text/plain; charset=utf-8',

  'content-length': '9',

  date: 'Thu, 09 Jan 2020 14:43:05 GMT',

  connection: 'close' }

```



**3. Pre-flight Requests Via OPTIONS (both above apply)**



```js

import Goa from '@goa/koa'

import { aqt } from 'rqt'

import cors from '@goa/cors'



const goa = new Goa()

goa.use(cors({

  origin: 'www.hello-world.com',

  credentials: true,

  maxAge: 1000,

  allowMethods: ['POST', 'PUT'],

}))



goa.listen(async function() {

  const { port } = this.address()

  const url = `http://localhost:${port}`



  // 3. respond to pre-flight request

  const { statusCode, headers } = await aqt(url, {

    method: 'OPTIONS',

    headers: {

      'Access-Control-Request-Method': 'POST',

      origin: 'www.example.com',

    },

  })

  console.log(statusCode, headers)

  this.close()

})

```

```js

204 { vary: 'Origin',

  'access-control-allow-origin': 'www.hello-world.com',

  'access-control-allow-credentials': 'true',

  'access-control-max-age': '1000',

  'access-control-allow-methods': 'POST,PUT',

  date: 'Thu, 09 Jan 2020 14:43:05 GMT',

  connection: 'close' }

```





  




## Usage Events



This middleware integrates with [_Idio_](https://github.com/idiocc/idio) that collects middleware usage statistics to reward package maintainers. It will emit certain events to bill its usage:



1. `headers`: When setting the headers if origin was present.

1. `options`: When responding to pre-flight requests via the `OPTIONS` http method.



The usage is recorded via the `ctx.neoluddite` context property set by a server such as _Idio_. In future, more fine-grained usage events might appear.





  




## Copyright & License



GNU Affero General Public License v3.0



Affero GPL means that you're not allowed to use this middleware on the web unless you release the source code for your application. This is a restrictive license which has the purpose of defending Open Source work and its creators.



Please refer to the [Idio license agreement](https://github.com/idiocc/idio#copyright--license) for more info on dual-licensing. You're allowed to use this middleware without disclosing the source code if you sign up on [neoluddite.dev](https://neoluddite.dev) package reward scheme.



Original Work by [dead-horse & contributors](https://github.com/koajs/cors) licensed under MIT found in [COPYING](COPYING).



  idiocc© Idio 2020