Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/idiocc/cors
Cross-Origin Resource Sharing (CORS) For Goa.
https://github.com/idiocc/cors
cors goa idio
Last synced: about 1 month ago
JSON representation
Cross-Origin Resource Sharing (CORS) For Goa.
- Host: GitHub
- URL: https://github.com/idiocc/cors
- Owner: idiocc
- License: agpl-3.0
- Created: 2019-12-08T18:33:14.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2020-01-09T14:44:53.000Z (about 5 years ago)
- Last Synced: 2024-12-05T22:17:37.921Z (about 2 months ago)
- Topics: cors, goa, idio
- Language: JavaScript
- Size: 107 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: COPYING
Awesome Lists containing this project
README
# @goa/cors
[](https://www.npmjs.com/package/@goa/cors)
`@goa/cors` is Cross-Origin Resource Sharing ([CORS](https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS)) For Goa.
```sh
yarn add @goa/cors
```
## Table Of Contents
- [Table Of Contents](#table-of-contents)
- [API](#api)
- [`cors(config=: !CorsConfig): !Middleware`](#corsconfig-corsconfig-middleware)
* [`CorsConfig`](#type-corsconfig)
- [Usage Events](#usage-events)
- [Copyright & License](#copyright--license)
## API
The package is available by importing its default function:
```js
import cors from '@goa/cors'
```
## cors(
`config=: !CorsConfig,`
): !Middleware
Cross-Origin Resource Sharing (CORS) For Goa.
- config !CorsConfig (optional): The config.
__`CorsConfig`__: Options for the program.
Name
Type & Description
Default
origin
(string | function(!Context))
-
Access-Control-Allow-Origin header, default is taken from the Origin request header.
allowMethods
(string | !Array<string>)
GET,HEAD,PUT,POST,DELETE,PATCH
Access-Control-Allow-Methods header.
exposeHeaders
(string | !Array<string>)
-
Access-Control-Expose-Headers header.
allowHeaders
(string | !Array<string>)
-
Access-Control-Allow-Headers header.
maxAge
(string | number)
-
Access-Control-Max-Age header in seconds.
credentials
boolean
false
Access-Control-Max-Age header in seconds.
keepHeadersOnError
boolean
true
Add set headers to err.header if an error is thrown.
There are 3 main use cases:
**1. Accept any origin form the client**
```js
import Goa from '@goa/koa'
import { aqt } from 'rqt'
import cors from '@goa/cors'
const goa = new Goa()
goa.use(cors())
goa.listen(async function() {
const { port } = this.address()
const url = `http://localhost:${port}`
// 1. accept origin from the host
const { headers } = await aqt(url, {
headers: {
origin: 'www.example.com',
},
})
console.log(headers)
this.close()
})
```
```js
{ vary: 'Origin',
'access-control-allow-origin': 'www.example.com',
'content-type': 'text/plain; charset=utf-8',
'content-length': '9',
date: 'Thu, 09 Jan 2020 14:43:05 GMT',
connection: 'close' }
```
**2. Send out only specific origin**
```js
import Goa from '@goa/koa'
import { aqt } from 'rqt'
import cors from '@goa/cors'
const goa = new Goa()
goa.use(cors({
origin: 'www.hello-world.com',
}))
goa.listen(async function() {
const { port } = this.address()
const url = `http://localhost:${port}`
// 2. only serve specific origin
const { headers } = await aqt(url, {
headers: {
origin: 'www.example.com',
},
})
console.log(headers)
this.close()
})
```
```js
{ vary: 'Origin',
'access-control-allow-origin': 'www.hello-world.com',
'content-type': 'text/plain; charset=utf-8',
'content-length': '9',
date: 'Thu, 09 Jan 2020 14:43:05 GMT',
connection: 'close' }
```
**3. Pre-flight Requests Via OPTIONS (both above apply)**
```js
import Goa from '@goa/koa'
import { aqt } from 'rqt'
import cors from '@goa/cors'
const goa = new Goa()
goa.use(cors({
origin: 'www.hello-world.com',
credentials: true,
maxAge: 1000,
allowMethods: ['POST', 'PUT'],
}))
goa.listen(async function() {
const { port } = this.address()
const url = `http://localhost:${port}`
// 3. respond to pre-flight request
const { statusCode, headers } = await aqt(url, {
method: 'OPTIONS',
headers: {
'Access-Control-Request-Method': 'POST',
origin: 'www.example.com',
},
})
console.log(statusCode, headers)
this.close()
})
```
```js
204 { vary: 'Origin',
'access-control-allow-origin': 'www.hello-world.com',
'access-control-allow-credentials': 'true',
'access-control-max-age': '1000',
'access-control-allow-methods': 'POST,PUT',
date: 'Thu, 09 Jan 2020 14:43:05 GMT',
connection: 'close' }
```
## Usage Events
This middleware integrates with [_Idio_](https://github.com/idiocc/idio) that collects middleware usage statistics to reward package maintainers. It will emit certain events to bill its usage:
1. `headers`: When setting the headers if origin was present.
1. `options`: When responding to pre-flight requests via the `OPTIONS` http method.
The usage is recorded via the `ctx.neoluddite` context property set by a server such as _Idio_. In future, more fine-grained usage events might appear.
## Copyright & License
GNU Affero General Public License v3.0
Affero GPL means that you're not allowed to use this middleware on the web unless you release the source code for your application. This is a restrictive license which has the purpose of defending Open Source work and its creators.
Please refer to the [Idio license agreement](https://github.com/idiocc/idio#copyright--license) for more info on dual-licensing. You're allowed to use this middleware without disclosing the source code if you sign up on [neoluddite.dev](https://neoluddite.dev) package reward scheme.
Original Work by [dead-horse & contributors](https://github.com/koajs/cors) licensed under MIT found in [COPYING](COPYING).
© Idio 2020
