@middy/http-cors 2.5.2 → 2.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +3 -3
  2. package/index.d.ts +2 -1
  3. package/index.js +75 -61
  4. package/package.json +4 -4
package/README.md CHANGED
@@ -43,14 +43,14 @@ npm install --save @middy/http-cors
43
43
 
44
44
  - `credentials` (bool) (optional): if true, sets `Access-Control-Allow-Credentials` (default `false`)
45
45
  - `headers` (string) (optional): value to put in `Access-Control-Allow-Headers` (default: `false`)
46
- - `methods` (string) (optional): value to put in `Access-Control-Allow-Mehtods` (default: `false`)
46
+ - `methods` (string) (optional): value to put in `Access-Control-Allow-Methods` (default: `false`)
47
47
  - `getOrigin` (function(incomingOrigin:string, options)) (optional): take full control of the generating the returned origin. Defaults to using the origin or origins option.
48
48
  - `origin` (string) (optional): origin to put in the header (default: "`*`")
49
49
  - `origins` (array) (optional): An array of allowed origins. The incoming origin is matched against the list and is returned if present.
50
50
  - `exposeHeaders` (string) (optional): value to put in `Access-Control-Expose-Headers` (default: `false`)
51
51
  - `maxAge` (string) (optional): value to put in Access-Control-Max-Age header (default: `null`)
52
52
  - `requestHeaders` (string) (optional): value to put in `Access-Control-Request-Headers` (default: `false`)
53
- - `requestMethods` (string) (optional): value to put in `Access-Control-Request-Mehtods` (default: `false`)
53
+ - `requestMethods` (string) (optional): value to put in `Access-Control-Request-Methods` (default: `false`)
54
54
  - `cacheControl` (string) (optional): value to put in Cache-Control header on pre-flight (OPTIONS) requests (default: `null`)
55
55
 
56
56
  ```javascript
@@ -59,7 +59,7 @@ import httpErrorHandler from '@middy/http-error-handler'
59
59
  import cors from '@middy/http-cors'
60
60
 
61
61
  const handler = middy((event, context) => {
62
- throw new createError.UnprocessableEntity()
62
+ throw createError(422)
63
63
  })
64
64
  handler.use(httpErrorHandler())
65
65
  .use(cors())
package/index.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import middy from '@middy/core'
2
2
 
3
- interface Options {
3
+ export interface Options {
4
+ getOrigin?: (incomingOrigin: string, options: Options) => string
4
5
  credentials?: boolean | string
5
6
  headers?: string
6
7
  methods?: string
package/index.js CHANGED
@@ -1,24 +1,19 @@
1
- "use strict";
2
-
3
- const {
4
- normalizeHttpResponse
5
- } = require('@middy/util');
1
+ const { normalizeHttpResponse } = require('@middy/util')
6
2
 
7
3
  const getOrigin = (incomingOrigin, options) => {
8
- if ((options === null || options === void 0 ? void 0 : options.origins.length) > 0) {
4
+ if (options?.origins.length > 0) {
9
5
  if (incomingOrigin && options.origins.includes(incomingOrigin)) {
10
- return incomingOrigin;
6
+ return incomingOrigin
11
7
  } else {
12
- return options.origins[0];
8
+ return options.origins[0]
13
9
  }
14
10
  } else {
15
11
  if (incomingOrigin && options.credentials && options.origin === '*') {
16
- return incomingOrigin;
12
+ return incomingOrigin
17
13
  }
18
-
19
- return options.origin;
14
+ return options.origin
20
15
  }
21
- };
16
+ }
22
17
 
23
18
  const defaults = {
24
19
  getOrigin,
@@ -32,79 +27,98 @@ const defaults = {
32
27
  requestHeaders: undefined,
33
28
  requestMethods: undefined,
34
29
  cacheControl: undefined
35
- };
30
+ }
36
31
 
37
32
  const httpCorsMiddleware = (opts = {}) => {
38
- const options = { ...defaults,
39
- ...opts
40
- };
41
-
42
- const httpCorsMiddlewareAfter = async request => {
43
- var _request$event, _request$event2, _request$event2$reque, _request$event2$reque2;
33
+ const options = { ...defaults, ...opts }
44
34
 
35
+ const httpCorsMiddlewareAfter = async (request) => {
45
36
  // API Gateway v1 & v2
46
- if (!((_request$event = request.event) !== null && _request$event !== void 0 && _request$event.httpMethod) && !((_request$event2 = request.event) !== null && _request$event2 !== void 0 && (_request$event2$reque = _request$event2.requestContext) !== null && _request$event2$reque !== void 0 && (_request$event2$reque2 = _request$event2$reque.http) !== null && _request$event2$reque2 !== void 0 && _request$event2$reque2.method)) return;
47
- request.response = normalizeHttpResponse(request.response);
48
- const existingHeaders = Object.keys(request.response.headers); // Check if already setup the header Access-Control-Allow-Credentials
37
+ if (!request.event?.httpMethod && !request.event?.requestContext?.http?.method) return
49
38
 
39
+ request.response = normalizeHttpResponse(request.response)
40
+
41
+ const existingHeaders = Object.keys(request.response.headers)
42
+
43
+ // Check if already setup the header Access-Control-Allow-Credentials
50
44
  if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
51
- options.credentials = request.response.headers['Access-Control-Allow-Credentials'] === 'true';
45
+ options.credentials =
46
+ request.response.headers['Access-Control-Allow-Credentials'] === 'true'
52
47
  }
53
-
54
48
  if (options.credentials) {
55
- request.response.headers['Access-Control-Allow-Credentials'] = String(options.credentials);
56
- } // Check if already setup Access-Control-Allow-Headers
57
-
58
-
59
- if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) {
60
- request.response.headers['Access-Control-Allow-Headers'] = options.headers;
61
- } // Check if already setup Access-Control-Allow-Methods
62
-
49
+ request.response.headers['Access-Control-Allow-Credentials'] = String(
50
+ options.credentials
51
+ )
52
+ }
63
53
 
64
- if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) {
65
- request.response.headers['Access-Control-Allow-Methods'] = options.methods;
66
- } // Check if already setup the header Access-Control-Allow-Origin
54
+ // Check if already setup Access-Control-Allow-Headers
55
+ if (
56
+ options.headers &&
57
+ !existingHeaders.includes('Access-Control-Allow-Headers')
58
+ ) {
59
+ request.response.headers['Access-Control-Allow-Headers'] = options.headers
60
+ }
67
61
 
62
+ // Check if already setup Access-Control-Allow-Methods
63
+ if (
64
+ options.methods &&
65
+ !existingHeaders.includes('Access-Control-Allow-Methods')
66
+ ) {
67
+ request.response.headers['Access-Control-Allow-Methods'] = options.methods
68
+ }
68
69
 
70
+ // Check if already setup the header Access-Control-Allow-Origin
69
71
  if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
70
- var _request$event$header, _request$event3, _eventHeaders$origin;
71
-
72
- const eventHeaders = (_request$event$header = (_request$event3 = request.event) === null || _request$event3 === void 0 ? void 0 : _request$event3.headers) !== null && _request$event$header !== void 0 ? _request$event$header : {};
73
- const incomingOrigin = (_eventHeaders$origin = eventHeaders.origin) !== null && _eventHeaders$origin !== void 0 ? _eventHeaders$origin : eventHeaders.Origin;
74
- request.response.headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options);
75
- } // Check if already setup Access-Control-Expose-Headers
76
-
72
+ const eventHeaders = request.event?.headers ?? {}
73
+ const incomingOrigin = eventHeaders.origin ?? eventHeaders.Origin
74
+ request.response.headers[
75
+ 'Access-Control-Allow-Origin'
76
+ ] = options.getOrigin(incomingOrigin, options)
77
+ }
77
78
 
78
- if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) {
79
- request.response.headers['Access-Control-Expose-Headers'] = options.exposeHeaders;
79
+ // Check if already setup Access-Control-Expose-Headers
80
+ if (
81
+ options.exposeHeaders &&
82
+ !existingHeaders.includes('Access-Control-Expose-Headers')
83
+ ) {
84
+ request.response.headers['Access-Control-Expose-Headers'] =
85
+ options.exposeHeaders
80
86
  }
81
87
 
82
88
  if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
83
- request.response.headers['Access-Control-Max-Age'] = String(options.maxAge);
84
- } // Check if already setup Access-Control-Request-Headers
85
-
86
-
87
- if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) {
88
- request.response.headers['Access-Control-Request-Headers'] = options.requestHeaders;
89
- } // Check if already setup Access-Control-Request-Methods
89
+ request.response.headers['Access-Control-Max-Age'] = String(
90
+ options.maxAge
91
+ )
92
+ }
90
93
 
94
+ // Check if already setup Access-Control-Request-Headers
95
+ if (
96
+ options.requestHeaders &&
97
+ !existingHeaders.includes('Access-Control-Request-Headers')
98
+ ) {
99
+ request.response.headers['Access-Control-Request-Headers'] =
100
+ options.requestHeaders
101
+ }
91
102
 
92
- if (options !== null && options !== void 0 && options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) {
93
- request.response.headers['Access-Control-Request-Methods'] = options.requestMethods;
103
+ // Check if already setup Access-Control-Request-Methods
104
+ if (
105
+ options?.requestMethods &&
106
+ !existingHeaders.includes('Access-Control-Request-Methods')
107
+ ) {
108
+ request.response.headers['Access-Control-Request-Methods'] =
109
+ options.requestMethods
94
110
  }
95
111
 
96
112
  if (request.event.httpMethod === 'OPTIONS') {
97
113
  if (options.cacheControl && !existingHeaders.includes('Cache-Control')) {
98
- request.response.headers['Cache-Control'] = String(options.cacheControl);
114
+ request.response.headers['Cache-Control'] = String(options.cacheControl)
99
115
  }
100
116
  }
101
- };
102
-
103
- const httpCorsMiddlewareOnError = httpCorsMiddlewareAfter;
117
+ }
118
+ const httpCorsMiddlewareOnError = httpCorsMiddlewareAfter
104
119
  return {
105
120
  after: httpCorsMiddlewareAfter,
106
121
  onError: httpCorsMiddlewareOnError
107
- };
108
- };
109
-
110
- module.exports = httpCorsMiddleware;
122
+ }
123
+ }
124
+ module.exports = httpCorsMiddleware
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@middy/http-cors",
3
- "version": "2.5.2",
3
+ "version": "2.5.6",
4
4
  "description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
5
5
  "type": "commonjs",
6
6
  "engines": {
@@ -44,11 +44,11 @@
44
44
  "url": "https://github.com/middyjs/middy/issues"
45
45
  },
46
46
  "homepage": "https://github.com/middyjs/middy#readme",
47
- "gitHead": "a2bb757a7a13638ae64277f8eecfcf11c1af17d4",
47
+ "gitHead": "0c789f55b4adf691f977b0d9904d1a805bb3bb2b",
48
48
  "dependencies": {
49
- "@middy/util": "^2.5.2"
49
+ "@middy/util": "^2.5.6"
50
50
  },
51
51
  "devDependencies": {
52
- "@middy/core": "^2.5.2"
52
+ "@middy/core": "^2.5.6"
53
53
  }
54
54
  }