@middy/http-cors 4.1.0 → 4.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/index.cjs +61 -44
  2. package/index.d.ts +1 -0
  3. package/index.js +61 -44
  4. package/package.json +4 -4
package/index.cjs CHANGED
@@ -22,6 +22,7 @@ const getOrigin = (incomingOrigin, options = {})=>{
22
22
  }
23
23
  };
24
24
  const defaults = {
25
+ disableBeforePreflightResponse: true,
25
26
  getOrigin,
26
27
  credentials: undefined,
27
28
  headers: undefined,
@@ -40,53 +41,22 @@ const httpCorsMiddleware = (opts = {})=>{
40
41
  ...defaults,
41
42
  ...opts
42
43
  };
44
+ const httpCorsMiddlewareBefore = async (request)=>{
45
+ if (options.disableBeforePreflightResponse) return;
46
+ const method = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
47
+ if (method === 'OPTIONS') {
48
+ (0, _util.normalizeHttpResponse)(request);
49
+ const headers = {};
50
+ modifyHeaders(headers, options, request);
51
+ request.response.headers = headers;
52
+ request.response.statusCode = 204;
53
+ return request.response;
54
+ }
55
+ };
43
56
  const httpCorsMiddlewareAfter = async (request)=>{
44
57
  (0, _util.normalizeHttpResponse)(request);
45
58
  const { headers } = request.response;
46
- const existingHeaders = Object.keys(headers);
47
- if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
48
- options.credentials = headers['Access-Control-Allow-Credentials'] === 'true';
49
- }
50
- if (options.credentials) {
51
- headers['Access-Control-Allow-Credentials'] = String(options.credentials);
52
- }
53
- if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) {
54
- headers['Access-Control-Allow-Headers'] = options.headers;
55
- }
56
- if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) {
57
- headers['Access-Control-Allow-Methods'] = options.methods;
58
- }
59
- if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
60
- const eventHeaders = request.event.headers ?? {};
61
- const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin;
62
- headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options);
63
- }
64
- let vary = options.vary;
65
- if (headers['Access-Control-Allow-Origin'] !== '*' && !vary) {
66
- vary = 'Origin';
67
- }
68
- if (vary && !existingHeaders.includes('Vary')) {
69
- headers.Vary = vary;
70
- }
71
- if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) {
72
- headers['Access-Control-Expose-Headers'] = options.exposeHeaders;
73
- }
74
- if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
75
- headers['Access-Control-Max-Age'] = String(options.maxAge);
76
- }
77
- if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) {
78
- headers['Access-Control-Request-Headers'] = options.requestHeaders;
79
- }
80
- if (options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) {
81
- headers['Access-Control-Request-Methods'] = options.requestMethods;
82
- }
83
- const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
84
- if (!httpMethod) {
85
- throw new Error('[http-cors] Unknown http event format');
86
- }
87
- if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) {
88
- headers['Cache-Control'] = options.cacheControl;
89
- }
59
+ modifyHeaders(headers, options, request);
90
60
  request.response.headers = headers;
91
61
  };
92
62
  const httpCorsMiddlewareOnError = async (request)=>{
@@ -94,6 +64,7 @@ const httpCorsMiddleware = (opts = {})=>{
94
64
  return httpCorsMiddlewareAfter(request);
95
65
  };
96
66
  return {
67
+ before: httpCorsMiddlewareBefore,
97
68
  after: httpCorsMiddlewareAfter,
98
69
  onError: httpCorsMiddlewareOnError
99
70
  };
@@ -102,6 +73,52 @@ const getVersionHttpMethod = {
102
73
  '1.0': (event)=>event.httpMethod,
103
74
  '2.0': (event)=>event.requestContext.http.method
104
75
  };
76
+ const modifyHeaders = (headers, options, request)=>{
77
+ const existingHeaders = Object.keys(headers);
78
+ if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
79
+ options.credentials = headers['Access-Control-Allow-Credentials'] === 'true';
80
+ }
81
+ if (options.credentials) {
82
+ headers['Access-Control-Allow-Credentials'] = String(options.credentials);
83
+ }
84
+ if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) {
85
+ headers['Access-Control-Allow-Headers'] = options.headers;
86
+ }
87
+ if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) {
88
+ headers['Access-Control-Allow-Methods'] = options.methods;
89
+ }
90
+ if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
91
+ const eventHeaders = request.event.headers ?? {};
92
+ const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin;
93
+ headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options);
94
+ }
95
+ let vary = options.vary;
96
+ if (headers['Access-Control-Allow-Origin'] !== '*' && !vary) {
97
+ vary = 'Origin';
98
+ }
99
+ if (vary && !existingHeaders.includes('Vary')) {
100
+ headers.Vary = vary;
101
+ }
102
+ if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) {
103
+ headers['Access-Control-Expose-Headers'] = options.exposeHeaders;
104
+ }
105
+ if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
106
+ headers['Access-Control-Max-Age'] = String(options.maxAge);
107
+ }
108
+ if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) {
109
+ headers['Access-Control-Request-Headers'] = options.requestHeaders;
110
+ }
111
+ if (options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) {
112
+ headers['Access-Control-Request-Methods'] = options.requestMethods;
113
+ }
114
+ const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
115
+ if (!httpMethod) {
116
+ throw new Error('[http-cors] Unknown http event format');
117
+ }
118
+ if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) {
119
+ headers['Cache-Control'] = options.cacheControl;
120
+ }
121
+ };
105
122
  const _default = httpCorsMiddleware;
106
123
 
107
124
 
package/index.d.ts CHANGED
@@ -3,6 +3,7 @@ import middy from '@middy/core'
3
3
  export interface Options {
4
4
  getOrigin?: (incomingOrigin: string, options: Options) => string
5
5
  credentials?: boolean | string
6
+ disableBeforePreflightResponse: true
6
7
  headers?: string
7
8
  methods?: string
8
9
  origin?: string
package/index.js CHANGED
@@ -14,6 +14,7 @@ const getOrigin = (incomingOrigin, options = {})=>{
14
14
  }
15
15
  };
16
16
  const defaults = {
17
+ disableBeforePreflightResponse: true,
17
18
  getOrigin,
18
19
  credentials: undefined,
19
20
  headers: undefined,
@@ -32,53 +33,22 @@ const httpCorsMiddleware = (opts = {})=>{
32
33
  ...defaults,
33
34
  ...opts
34
35
  };
36
+ const httpCorsMiddlewareBefore = async (request)=>{
37
+ if (options.disableBeforePreflightResponse) return;
38
+ const method = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
39
+ if (method === 'OPTIONS') {
40
+ normalizeHttpResponse(request);
41
+ const headers = {};
42
+ modifyHeaders(headers, options, request);
43
+ request.response.headers = headers;
44
+ request.response.statusCode = 204;
45
+ return request.response;
46
+ }
47
+ };
35
48
  const httpCorsMiddlewareAfter = async (request)=>{
36
49
  normalizeHttpResponse(request);
37
50
  const { headers } = request.response;
38
- const existingHeaders = Object.keys(headers);
39
- if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
40
- options.credentials = headers['Access-Control-Allow-Credentials'] === 'true';
41
- }
42
- if (options.credentials) {
43
- headers['Access-Control-Allow-Credentials'] = String(options.credentials);
44
- }
45
- if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) {
46
- headers['Access-Control-Allow-Headers'] = options.headers;
47
- }
48
- if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) {
49
- headers['Access-Control-Allow-Methods'] = options.methods;
50
- }
51
- if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
52
- const eventHeaders = request.event.headers ?? {};
53
- const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin;
54
- headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options);
55
- }
56
- let vary = options.vary;
57
- if (headers['Access-Control-Allow-Origin'] !== '*' && !vary) {
58
- vary = 'Origin';
59
- }
60
- if (vary && !existingHeaders.includes('Vary')) {
61
- headers.Vary = vary;
62
- }
63
- if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) {
64
- headers['Access-Control-Expose-Headers'] = options.exposeHeaders;
65
- }
66
- if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
67
- headers['Access-Control-Max-Age'] = String(options.maxAge);
68
- }
69
- if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) {
70
- headers['Access-Control-Request-Headers'] = options.requestHeaders;
71
- }
72
- if (options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) {
73
- headers['Access-Control-Request-Methods'] = options.requestMethods;
74
- }
75
- const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
76
- if (!httpMethod) {
77
- throw new Error('[http-cors] Unknown http event format');
78
- }
79
- if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) {
80
- headers['Cache-Control'] = options.cacheControl;
81
- }
51
+ modifyHeaders(headers, options, request);
82
52
  request.response.headers = headers;
83
53
  };
84
54
  const httpCorsMiddlewareOnError = async (request)=>{
@@ -86,6 +56,7 @@ const httpCorsMiddleware = (opts = {})=>{
86
56
  return httpCorsMiddlewareAfter(request);
87
57
  };
88
58
  return {
59
+ before: httpCorsMiddlewareBefore,
89
60
  after: httpCorsMiddlewareAfter,
90
61
  onError: httpCorsMiddlewareOnError
91
62
  };
@@ -94,6 +65,52 @@ const getVersionHttpMethod = {
94
65
  '1.0': (event)=>event.httpMethod,
95
66
  '2.0': (event)=>event.requestContext.http.method
96
67
  };
68
+ const modifyHeaders = (headers, options, request)=>{
69
+ const existingHeaders = Object.keys(headers);
70
+ if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
71
+ options.credentials = headers['Access-Control-Allow-Credentials'] === 'true';
72
+ }
73
+ if (options.credentials) {
74
+ headers['Access-Control-Allow-Credentials'] = String(options.credentials);
75
+ }
76
+ if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) {
77
+ headers['Access-Control-Allow-Headers'] = options.headers;
78
+ }
79
+ if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) {
80
+ headers['Access-Control-Allow-Methods'] = options.methods;
81
+ }
82
+ if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
83
+ const eventHeaders = request.event.headers ?? {};
84
+ const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin;
85
+ headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options);
86
+ }
87
+ let vary = options.vary;
88
+ if (headers['Access-Control-Allow-Origin'] !== '*' && !vary) {
89
+ vary = 'Origin';
90
+ }
91
+ if (vary && !existingHeaders.includes('Vary')) {
92
+ headers.Vary = vary;
93
+ }
94
+ if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) {
95
+ headers['Access-Control-Expose-Headers'] = options.exposeHeaders;
96
+ }
97
+ if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
98
+ headers['Access-Control-Max-Age'] = String(options.maxAge);
99
+ }
100
+ if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) {
101
+ headers['Access-Control-Request-Headers'] = options.requestHeaders;
102
+ }
103
+ if (options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) {
104
+ headers['Access-Control-Request-Methods'] = options.requestMethods;
105
+ }
106
+ const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
107
+ if (!httpMethod) {
108
+ throw new Error('[http-cors] Unknown http event format');
109
+ }
110
+ if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) {
111
+ headers['Cache-Control'] = options.cacheControl;
112
+ }
113
+ };
97
114
  export default httpCorsMiddleware;
98
115
 
99
116
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@middy/http-cors",
3
- "version": "4.1.0",
3
+ "version": "4.2.0",
4
4
  "description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
5
5
  "type": "module",
6
6
  "engines": {
@@ -60,11 +60,11 @@
60
60
  "url": "https://github.com/middyjs/middy/issues"
61
61
  },
62
62
  "homepage": "https://middy.js.org",
63
- "gitHead": "c5abbac9280c3a2f30758188233a7b27367901d1",
63
+ "gitHead": "438103b15c184995a0a38413f6ed0b8696d13670",
64
64
  "dependencies": {
65
- "@middy/util": "4.1.0"
65
+ "@middy/util": "4.2.0"
66
66
  },
67
67
  "devDependencies": {
68
- "@middy/core": "4.1.0"
68
+ "@middy/core": "4.2.0"
69
69
  }
70
70
  }