@middy/http-cors 5.0.0-alpha.0 → 5.0.0-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -2
- package/index.js +7 -3
- package/package.json +4 -10
- package/index.cjs +0 -123
package/README.md
CHANGED
|
@@ -19,8 +19,9 @@
|
|
|
19
19
|
<a href="https://snyk.io/test/github/middyjs/middy">
|
|
20
20
|
<img src="https://snyk.io/test/github/middyjs/middy/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/middyjs/middy" style="max-width:100%;">
|
|
21
21
|
</a>
|
|
22
|
-
<a href="https://
|
|
23
|
-
<img src="https://
|
|
22
|
+
<a href="https://github.com/middyjs/middy/actions/workflows/sast.yml">
|
|
23
|
+
<img src="https://github.com/middyjs/middy/actions/workflows/sast.yml/badge.svg
|
|
24
|
+
?branch=main&event=push" alt="CodeQL" style="max-width:100%;">
|
|
24
25
|
</a>
|
|
25
26
|
<a href="https://bestpractices.coreinfrastructure.org/projects/5280">
|
|
26
27
|
<img src="https://bestpractices.coreinfrastructure.org/projects/5280/badge" alt="Core Infrastructure Initiative (CII) Best Practices" style="max-width:100%;">
|
package/index.js
CHANGED
|
@@ -47,13 +47,13 @@ const httpCorsMiddleware = (opts = {})=>{
|
|
|
47
47
|
};
|
|
48
48
|
const httpCorsMiddlewareAfter = async (request)=>{
|
|
49
49
|
normalizeHttpResponse(request);
|
|
50
|
-
const { headers
|
|
50
|
+
const { headers } = request.response;
|
|
51
51
|
modifyHeaders(headers, options, request);
|
|
52
52
|
request.response.headers = headers;
|
|
53
53
|
};
|
|
54
54
|
const httpCorsMiddlewareOnError = async (request)=>{
|
|
55
55
|
if (request.response === undefined) return;
|
|
56
|
-
|
|
56
|
+
await httpCorsMiddlewareAfter(request);
|
|
57
57
|
};
|
|
58
58
|
return {
|
|
59
59
|
before: httpCorsMiddlewareBefore,
|
|
@@ -105,7 +105,11 @@ const modifyHeaders = (headers, options, request)=>{
|
|
|
105
105
|
}
|
|
106
106
|
const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
|
|
107
107
|
if (!httpMethod) {
|
|
108
|
-
throw new Error('
|
|
108
|
+
throw new Error('Unknown http event format', {
|
|
109
|
+
cause: {
|
|
110
|
+
package: '@middy/http-cors'
|
|
111
|
+
}
|
|
112
|
+
});
|
|
109
113
|
}
|
|
110
114
|
if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) {
|
|
111
115
|
headers['Cache-Control'] = options.cacheControl;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@middy/http-cors",
|
|
3
|
-
"version": "5.0.0-alpha.
|
|
3
|
+
"version": "5.0.0-alpha.2",
|
|
4
4
|
"description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"engines": {
|
|
@@ -10,24 +10,18 @@
|
|
|
10
10
|
"publishConfig": {
|
|
11
11
|
"access": "public"
|
|
12
12
|
},
|
|
13
|
-
"main": "./index.cjs",
|
|
14
13
|
"module": "./index.js",
|
|
15
14
|
"exports": {
|
|
16
15
|
".": {
|
|
17
16
|
"import": {
|
|
18
17
|
"types": "./index.d.ts",
|
|
19
18
|
"default": "./index.js"
|
|
20
|
-
},
|
|
21
|
-
"require": {
|
|
22
|
-
"types": "./index.d.ts",
|
|
23
|
-
"default": "./index.cjs"
|
|
24
19
|
}
|
|
25
20
|
}
|
|
26
21
|
},
|
|
27
22
|
"types": "index.d.ts",
|
|
28
23
|
"files": [
|
|
29
24
|
"index.js",
|
|
30
|
-
"index.cjs",
|
|
31
25
|
"index.d.ts"
|
|
32
26
|
],
|
|
33
27
|
"scripts": {
|
|
@@ -64,11 +58,11 @@
|
|
|
64
58
|
"type": "github",
|
|
65
59
|
"url": "https://github.com/sponsors/willfarrell"
|
|
66
60
|
},
|
|
67
|
-
"gitHead": "
|
|
61
|
+
"gitHead": "ebce8d5df8783077fa49ba62ee9be20e8486a7f1",
|
|
68
62
|
"dependencies": {
|
|
69
|
-
"@middy/util": "5.0.0-alpha.
|
|
63
|
+
"@middy/util": "5.0.0-alpha.2"
|
|
70
64
|
},
|
|
71
65
|
"devDependencies": {
|
|
72
|
-
"@middy/core": "5.0.0-alpha.
|
|
66
|
+
"@middy/core": "5.0.0-alpha.2"
|
|
73
67
|
}
|
|
74
68
|
}
|
package/index.cjs
DELETED
|
@@ -1,123 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", {
|
|
3
|
-
value: true
|
|
4
|
-
});
|
|
5
|
-
Object.defineProperty(module, "exports", {
|
|
6
|
-
enumerable: true,
|
|
7
|
-
get: ()=>_default
|
|
8
|
-
});
|
|
9
|
-
const _util = require("@middy/util");
|
|
10
|
-
const getOrigin = (incomingOrigin, options = {})=>{
|
|
11
|
-
if (options.origins.length > 0) {
|
|
12
|
-
if (incomingOrigin && options.origins.includes(incomingOrigin)) {
|
|
13
|
-
return incomingOrigin;
|
|
14
|
-
} else {
|
|
15
|
-
return options.origins[0];
|
|
16
|
-
}
|
|
17
|
-
} else {
|
|
18
|
-
if (incomingOrigin && options.credentials && options.origin === '*') {
|
|
19
|
-
return incomingOrigin;
|
|
20
|
-
}
|
|
21
|
-
return options.origin;
|
|
22
|
-
}
|
|
23
|
-
};
|
|
24
|
-
const defaults = {
|
|
25
|
-
disableBeforePreflightResponse: true,
|
|
26
|
-
getOrigin,
|
|
27
|
-
credentials: undefined,
|
|
28
|
-
headers: undefined,
|
|
29
|
-
methods: undefined,
|
|
30
|
-
origin: '*',
|
|
31
|
-
origins: [],
|
|
32
|
-
exposeHeaders: undefined,
|
|
33
|
-
maxAge: undefined,
|
|
34
|
-
requestHeaders: undefined,
|
|
35
|
-
requestMethods: undefined,
|
|
36
|
-
cacheControl: undefined,
|
|
37
|
-
vary: undefined
|
|
38
|
-
};
|
|
39
|
-
const httpCorsMiddleware = (opts = {})=>{
|
|
40
|
-
const options = {
|
|
41
|
-
...defaults,
|
|
42
|
-
...opts
|
|
43
|
-
};
|
|
44
|
-
const httpCorsMiddlewareBefore = async (request)=>{
|
|
45
|
-
if (options.disableBeforePreflightResponse) return;
|
|
46
|
-
const method = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
|
|
47
|
-
if (method === 'OPTIONS') {
|
|
48
|
-
(0, _util.normalizeHttpResponse)(request);
|
|
49
|
-
const headers = {};
|
|
50
|
-
modifyHeaders(headers, options, request);
|
|
51
|
-
request.response.headers = headers;
|
|
52
|
-
request.response.statusCode = 204;
|
|
53
|
-
return request.response;
|
|
54
|
-
}
|
|
55
|
-
};
|
|
56
|
-
const httpCorsMiddlewareAfter = async (request)=>{
|
|
57
|
-
(0, _util.normalizeHttpResponse)(request);
|
|
58
|
-
const { headers } = request.response;
|
|
59
|
-
modifyHeaders(headers, options, request);
|
|
60
|
-
request.response.headers = headers;
|
|
61
|
-
};
|
|
62
|
-
const httpCorsMiddlewareOnError = async (request)=>{
|
|
63
|
-
if (request.response === undefined) return;
|
|
64
|
-
return httpCorsMiddlewareAfter(request);
|
|
65
|
-
};
|
|
66
|
-
return {
|
|
67
|
-
before: httpCorsMiddlewareBefore,
|
|
68
|
-
after: httpCorsMiddlewareAfter,
|
|
69
|
-
onError: httpCorsMiddlewareOnError
|
|
70
|
-
};
|
|
71
|
-
};
|
|
72
|
-
const getVersionHttpMethod = {
|
|
73
|
-
'1.0': (event)=>event.httpMethod,
|
|
74
|
-
'2.0': (event)=>event.requestContext.http.method
|
|
75
|
-
};
|
|
76
|
-
const modifyHeaders = (headers, options, request)=>{
|
|
77
|
-
const existingHeaders = Object.keys(headers);
|
|
78
|
-
if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
|
|
79
|
-
options.credentials = headers['Access-Control-Allow-Credentials'] === 'true';
|
|
80
|
-
}
|
|
81
|
-
if (options.credentials) {
|
|
82
|
-
headers['Access-Control-Allow-Credentials'] = String(options.credentials);
|
|
83
|
-
}
|
|
84
|
-
if (options.headers && !existingHeaders.includes('Access-Control-Allow-Headers')) {
|
|
85
|
-
headers['Access-Control-Allow-Headers'] = options.headers;
|
|
86
|
-
}
|
|
87
|
-
if (options.methods && !existingHeaders.includes('Access-Control-Allow-Methods')) {
|
|
88
|
-
headers['Access-Control-Allow-Methods'] = options.methods;
|
|
89
|
-
}
|
|
90
|
-
if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
|
|
91
|
-
const eventHeaders = request.event.headers ?? {};
|
|
92
|
-
const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin;
|
|
93
|
-
headers['Access-Control-Allow-Origin'] = options.getOrigin(incomingOrigin, options);
|
|
94
|
-
}
|
|
95
|
-
let vary = options.vary;
|
|
96
|
-
if (headers['Access-Control-Allow-Origin'] !== '*' && !vary) {
|
|
97
|
-
vary = 'Origin';
|
|
98
|
-
}
|
|
99
|
-
if (vary && !existingHeaders.includes('Vary')) {
|
|
100
|
-
headers.Vary = vary;
|
|
101
|
-
}
|
|
102
|
-
if (options.exposeHeaders && !existingHeaders.includes('Access-Control-Expose-Headers')) {
|
|
103
|
-
headers['Access-Control-Expose-Headers'] = options.exposeHeaders;
|
|
104
|
-
}
|
|
105
|
-
if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
|
|
106
|
-
headers['Access-Control-Max-Age'] = String(options.maxAge);
|
|
107
|
-
}
|
|
108
|
-
if (options.requestHeaders && !existingHeaders.includes('Access-Control-Request-Headers')) {
|
|
109
|
-
headers['Access-Control-Request-Headers'] = options.requestHeaders;
|
|
110
|
-
}
|
|
111
|
-
if (options.requestMethods && !existingHeaders.includes('Access-Control-Request-Methods')) {
|
|
112
|
-
headers['Access-Control-Request-Methods'] = options.requestMethods;
|
|
113
|
-
}
|
|
114
|
-
const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(request.event);
|
|
115
|
-
if (!httpMethod) {
|
|
116
|
-
throw new Error('[http-cors] Unknown http event format');
|
|
117
|
-
}
|
|
118
|
-
if (httpMethod === 'OPTIONS' && options.cacheControl && !existingHeaders.includes('Cache-Control')) {
|
|
119
|
-
headers['Cache-Control'] = options.cacheControl;
|
|
120
|
-
}
|
|
121
|
-
};
|
|
122
|
-
const _default = httpCorsMiddleware;
|
|
123
|
-
|