@middy/http-cors 5.5.1 → 6.0.0-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +88 -80
- package/package.json +7 -4
package/index.js
CHANGED
|
@@ -6,19 +6,15 @@ const defaults = {
|
|
|
6
6
|
credentials: undefined,
|
|
7
7
|
headers: undefined,
|
|
8
8
|
methods: undefined,
|
|
9
|
-
origin:
|
|
9
|
+
origin: undefined,
|
|
10
10
|
origins: [],
|
|
11
11
|
exposeHeaders: undefined,
|
|
12
12
|
maxAge: undefined,
|
|
13
|
-
requestHeaders: undefined,
|
|
14
|
-
requestMethods: undefined,
|
|
15
13
|
cacheControl: undefined,
|
|
16
14
|
vary: undefined
|
|
17
15
|
}
|
|
16
|
+
|
|
18
17
|
const httpCorsMiddleware = (opts = {}) => {
|
|
19
|
-
let originAny = false
|
|
20
|
-
const originStatic = {}
|
|
21
|
-
const originDynamic = []
|
|
22
18
|
const getOrigin = (incomingOrigin, options = {}) => {
|
|
23
19
|
if (options.origins.length > 0) {
|
|
24
20
|
if (originStatic[incomingOrigin]) {
|
|
@@ -49,10 +45,13 @@ const httpCorsMiddleware = (opts = {}) => {
|
|
|
49
45
|
...opts
|
|
50
46
|
}
|
|
51
47
|
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
48
|
+
let originAny = false
|
|
49
|
+
let originMany = options.origins.length > 1
|
|
50
|
+
const originStatic = {}
|
|
51
|
+
const originDynamic = []
|
|
52
|
+
|
|
53
|
+
for (const origin of [options.origin, ...options.origins]) {
|
|
54
|
+
if (!origin) {
|
|
56
55
|
continue
|
|
57
56
|
}
|
|
58
57
|
// All
|
|
@@ -60,12 +59,83 @@ const httpCorsMiddleware = (opts = {}) => {
|
|
|
60
59
|
originAny = true
|
|
61
60
|
continue
|
|
62
61
|
}
|
|
62
|
+
// Static
|
|
63
|
+
if (!origin.includes('*')) {
|
|
64
|
+
originStatic[origin] = true
|
|
65
|
+
continue
|
|
66
|
+
}
|
|
67
|
+
originMany = true
|
|
63
68
|
// Dynamic
|
|
64
69
|
// TODO: IDN -> puncycode not handled, add in if requested
|
|
65
70
|
const regExpStr = origin.replaceAll('.', '\\.').replaceAll('*', '[^.]*')
|
|
66
71
|
originDynamic.push(new RegExp(`^${regExpStr}$`))
|
|
67
72
|
}
|
|
68
73
|
|
|
74
|
+
const modifyHeaders = (headers, options, request) => {
|
|
75
|
+
const existingHeaders = Object.keys(headers)
|
|
76
|
+
if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
|
|
77
|
+
options.credentials =
|
|
78
|
+
headers['Access-Control-Allow-Credentials'] === 'true'
|
|
79
|
+
}
|
|
80
|
+
if (options.credentials) {
|
|
81
|
+
headers['Access-Control-Allow-Credentials'] = String(options.credentials)
|
|
82
|
+
}
|
|
83
|
+
if (
|
|
84
|
+
options.headers &&
|
|
85
|
+
!existingHeaders.includes('Access-Control-Allow-Headers')
|
|
86
|
+
) {
|
|
87
|
+
headers['Access-Control-Allow-Headers'] = options.headers
|
|
88
|
+
}
|
|
89
|
+
if (
|
|
90
|
+
options.methods &&
|
|
91
|
+
!existingHeaders.includes('Access-Control-Allow-Methods')
|
|
92
|
+
) {
|
|
93
|
+
headers['Access-Control-Allow-Methods'] = options.methods
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
let newOrigin
|
|
97
|
+
if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
|
|
98
|
+
const eventHeaders = request.event.headers ?? {}
|
|
99
|
+
const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin
|
|
100
|
+
newOrigin = options.getOrigin(incomingOrigin, options)
|
|
101
|
+
if (newOrigin) {
|
|
102
|
+
headers['Access-Control-Allow-Origin'] = newOrigin
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
|
|
106
|
+
if (!headers.Vary) {
|
|
107
|
+
addHeaderPart(headers, 'Vary', options.vary)
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
if (
|
|
111
|
+
originMany ||
|
|
112
|
+
(originAny && newOrigin !== '*') ||
|
|
113
|
+
(newOrigin === '*' && options.credentials)
|
|
114
|
+
) {
|
|
115
|
+
addHeaderPart(headers, 'Vary', 'Origin')
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
if (
|
|
119
|
+
options.exposeHeaders &&
|
|
120
|
+
!existingHeaders.includes('Access-Control-Expose-Headers')
|
|
121
|
+
) {
|
|
122
|
+
headers['Access-Control-Expose-Headers'] = options.exposeHeaders
|
|
123
|
+
}
|
|
124
|
+
if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
|
|
125
|
+
headers['Access-Control-Max-Age'] = String(options.maxAge)
|
|
126
|
+
}
|
|
127
|
+
const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(
|
|
128
|
+
request.event
|
|
129
|
+
)
|
|
130
|
+
if (
|
|
131
|
+
httpMethod === 'OPTIONS' &&
|
|
132
|
+
options.cacheControl &&
|
|
133
|
+
!existingHeaders.includes('Cache-Control')
|
|
134
|
+
) {
|
|
135
|
+
headers['Cache-Control'] = options.cacheControl
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
|
|
69
139
|
const httpCorsMiddlewareBefore = async (request) => {
|
|
70
140
|
if (options.disableBeforePreflightResponse) return
|
|
71
141
|
|
|
@@ -103,76 +173,14 @@ const getVersionHttpMethod = {
|
|
|
103
173
|
'2.0': (event) => event.requestContext.http.method
|
|
104
174
|
}
|
|
105
175
|
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
if (
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
if (
|
|
115
|
-
options.headers &&
|
|
116
|
-
!existingHeaders.includes('Access-Control-Allow-Headers')
|
|
117
|
-
) {
|
|
118
|
-
headers['Access-Control-Allow-Headers'] = options.headers
|
|
119
|
-
}
|
|
120
|
-
if (
|
|
121
|
-
options.methods &&
|
|
122
|
-
!existingHeaders.includes('Access-Control-Allow-Methods')
|
|
123
|
-
) {
|
|
124
|
-
headers['Access-Control-Allow-Methods'] = options.methods
|
|
125
|
-
}
|
|
126
|
-
if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
|
|
127
|
-
const eventHeaders = request.event.headers ?? {}
|
|
128
|
-
const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin
|
|
129
|
-
const newOrigin = options.getOrigin(incomingOrigin, options)
|
|
130
|
-
if (newOrigin) {
|
|
131
|
-
headers['Access-Control-Allow-Origin'] = newOrigin
|
|
132
|
-
}
|
|
133
|
-
}
|
|
134
|
-
let vary = options.vary
|
|
135
|
-
if (
|
|
136
|
-
headers['Access-Control-Allow-Origin'] &&
|
|
137
|
-
headers['Access-Control-Allow-Origin'] !== '*' &&
|
|
138
|
-
!vary
|
|
139
|
-
) {
|
|
140
|
-
vary = 'Origin'
|
|
141
|
-
}
|
|
142
|
-
if (vary && !existingHeaders.includes('Vary')) {
|
|
143
|
-
headers.Vary = vary
|
|
144
|
-
}
|
|
145
|
-
if (
|
|
146
|
-
options.exposeHeaders &&
|
|
147
|
-
!existingHeaders.includes('Access-Control-Expose-Headers')
|
|
148
|
-
) {
|
|
149
|
-
headers['Access-Control-Expose-Headers'] = options.exposeHeaders
|
|
150
|
-
}
|
|
151
|
-
if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
|
|
152
|
-
headers['Access-Control-Max-Age'] = String(options.maxAge)
|
|
153
|
-
}
|
|
154
|
-
if (
|
|
155
|
-
options.requestHeaders &&
|
|
156
|
-
!existingHeaders.includes('Access-Control-Request-Headers')
|
|
157
|
-
) {
|
|
158
|
-
headers['Access-Control-Request-Headers'] = options.requestHeaders
|
|
159
|
-
}
|
|
160
|
-
if (
|
|
161
|
-
options.requestMethods &&
|
|
162
|
-
!existingHeaders.includes('Access-Control-Request-Methods')
|
|
163
|
-
) {
|
|
164
|
-
headers['Access-Control-Request-Methods'] = options.requestMethods
|
|
165
|
-
}
|
|
166
|
-
const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(
|
|
167
|
-
request.event
|
|
168
|
-
)
|
|
169
|
-
if (
|
|
170
|
-
httpMethod === 'OPTIONS' &&
|
|
171
|
-
options.cacheControl &&
|
|
172
|
-
!existingHeaders.includes('Cache-Control')
|
|
173
|
-
) {
|
|
174
|
-
headers['Cache-Control'] = options.cacheControl
|
|
175
|
-
}
|
|
176
|
+
// header in offical name, lowercase varient handeled
|
|
177
|
+
const addHeaderPart = (headers, header, value) => {
|
|
178
|
+
if (!value) return
|
|
179
|
+
const headerLower = header.toLowerCase()
|
|
180
|
+
header = headers[headerLower] ? headerLower : header
|
|
181
|
+
headers[header] ??= ''
|
|
182
|
+
headers[header] &&= headers[header] + ', '
|
|
183
|
+
headers[header] += value
|
|
176
184
|
}
|
|
177
185
|
|
|
178
186
|
export default httpCorsMiddleware
|
package/package.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@middy/http-cors",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "6.0.0-beta.0",
|
|
4
4
|
"description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"engines": {
|
|
7
|
-
"node": ">=
|
|
7
|
+
"node": ">=20"
|
|
8
8
|
},
|
|
9
9
|
"engineStrict": true,
|
|
10
10
|
"publishConfig": {
|
|
@@ -16,6 +16,9 @@
|
|
|
16
16
|
"import": {
|
|
17
17
|
"types": "./index.d.ts",
|
|
18
18
|
"default": "./index.js"
|
|
19
|
+
},
|
|
20
|
+
"require": {
|
|
21
|
+
"default": "./index.js"
|
|
19
22
|
}
|
|
20
23
|
}
|
|
21
24
|
},
|
|
@@ -60,9 +63,9 @@
|
|
|
60
63
|
},
|
|
61
64
|
"gitHead": "7a6c0fbb8ab71d6a2171e678697de9f237568431",
|
|
62
65
|
"dependencies": {
|
|
63
|
-
"@middy/util": "
|
|
66
|
+
"@middy/util": "6.0.0-beta.0"
|
|
64
67
|
},
|
|
65
68
|
"devDependencies": {
|
|
66
|
-
"@middy/core": "
|
|
69
|
+
"@middy/core": "6.0.0-beta.0"
|
|
67
70
|
}
|
|
68
71
|
}
|