npm - @middy/http-cors - Versions diffs - 6.1.6 → 6.2.1 - Mend

@middy/http-cors 6.1.6 → 6.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.d.ts CHANGED Viewed

@@ -1,20 +1,20 @@
-import middy from '@middy/core'
+import type middy from "@middy/core";
 export interface Options {
-  getOrigin?: (incomingOrigin: string, options: Options) => string
-  credentials?: boolean | string
-  disableBeforePreflightResponse?: boolean
-  headers?: string
-  methods?: string
-  origin?: string
-  origins?: string[]
-  exposeHeaders?: string
-  maxAge?: number | string
-  requestHeaders?: string
-  requestMethods?: string
-  cacheControl?: string
+	getOrigin?: (incomingOrigin: string, options: Options) => string;
+	credentials?: boolean | string;
+	disableBeforePreflightResponse?: boolean;
+	headers?: string;
+	methods?: string;
+	origin?: string;
+	origins?: string[];
+	exposeHeaders?: string;
+	maxAge?: number | string;
+	requestHeaders?: string;
+	requestMethods?: string;
+	cacheControl?: string;
 }
-declare function httpCors (options?: Options): middy.MiddlewareObj
+declare function httpCors(options?: Options): middy.MiddlewareObj;
-export default httpCors
+export default httpCors;

package/index.js CHANGED Viewed

@@ -1,186 +1,187 @@
-import { normalizeHttpResponse } from '@middy/util'
+import { normalizeHttpResponse } from "@middy/util";
 const defaults = {
-  disableBeforePreflightResponse: true,
-  getOrigin: undefined, // default inserted below
-  credentials: undefined,
-  headers: undefined,
-  methods: undefined,
-  origin: undefined,
-  origins: [],
-  exposeHeaders: undefined,
-  maxAge: undefined,
-  cacheControl: undefined,
-  vary: undefined
-}
+	disableBeforePreflightResponse: true,
+	getOrigin: undefined, // default inserted below
+	credentials: undefined,
+	headers: undefined,
+	methods: undefined,
+	origin: undefined,
+	origins: [],
+	exposeHeaders: undefined,
+	maxAge: undefined,
+	cacheControl: undefined,
+	vary: undefined,
+};
 const httpCorsMiddleware = (opts = {}) => {
-  const getOrigin = (incomingOrigin, options = {}) => {
-    if (options.origins.length > 0) {
-      if (originStatic[incomingOrigin]) {
-        return incomingOrigin
-      }
-      if (originAny) {
-        if (options.credentials) {
-          return incomingOrigin
-        } else {
-          return '*'
-        }
-      }
-      if (originDynamic.some((regExp) => regExp.test(incomingOrigin))) {
-        return incomingOrigin
-      }
-      // TODO deprecate `else` in v6
-    } else {
-      if (incomingOrigin && options.credentials && options.origin === '*') {
-        return incomingOrigin
-      }
-      return options.origin
-    }
-    return null
-  }
-  const options = {
-    ...defaults,
-    getOrigin,
-    ...opts
-  }
+	const getOrigin = (incomingOrigin, options = {}) => {
+		if (options.origins.length > 0) {
+			if (originStatic[incomingOrigin]) {
+				return incomingOrigin;
+			}
+			if (originAny) {
+				if (options.credentials) {
+					return incomingOrigin;
+				}
+				return "*";
+			}
+			if (originDynamic.some((regExp) => regExp.test(incomingOrigin))) {
+				return incomingOrigin;
+			}
+			// TODO deprecate `else` in v6
+		} else {
+			if (incomingOrigin && options.credentials && options.origin === "*") {
+				return incomingOrigin;
+			}
+			return options.origin;
+		}
+		return null;
+	};
+	const options = {
+		...defaults,
+		getOrigin,
+		...opts,
+	};
-  let originAny = false
-  let originMany = options.origins.length > 1
-  const originStatic = {}
-  const originDynamic = []
+	let originAny = false;
+	let originMany = options.origins.length > 1;
+	const originStatic = {};
+	const originDynamic = [];
-  for (const origin of [options.origin, ...options.origins]) {
-    if (!origin) {
-      continue
-    }
-    // All
-    if (origin === '*') {
-      originAny = true
-      continue
-    }
-    // Static
-    if (!origin.includes('*')) {
-      originStatic[origin] = true
-      continue
-    }
-    originMany = true
-    // Dynamic
-    // TODO: IDN -> puncycode not handled, add in if requested
-    const regExpStr = origin.replaceAll('.', '\\.').replaceAll('*', '[^.]*')
-    originDynamic.push(new RegExp(`^${regExpStr}$`))
-  }
+	for (const origin of [options.origin, ...options.origins]) {
+		if (!origin) {
+			continue;
+		}
+		// All
+		if (origin === "*") {
+			originAny = true;
+			continue;
+		}
+		// Static
+		if (!origin.includes("*")) {
+			originStatic[origin] = true;
+			continue;
+		}
+		originMany = true;
+		// Dynamic
+		// TODO: IDN -> puncycode not handled, add in if requested
+		const regExpStr = origin.replaceAll(".", "\\.").replaceAll("*", "[^.]*");
+		// SAST Skipped: Not accessible by users
+		// nosemgrep: javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp
+		originDynamic.push(new RegExp(`^${regExpStr}$`));
+	}
-  const modifyHeaders = (headers, options, request) => {
-    const existingHeaders = Object.keys(headers)
-    if (existingHeaders.includes('Access-Control-Allow-Credentials')) {
-      options.credentials =
-        headers['Access-Control-Allow-Credentials'] === 'true'
-    }
-    if (options.credentials) {
-      headers['Access-Control-Allow-Credentials'] = String(options.credentials)
-    }
-    if (
-      options.headers &&
-      !existingHeaders.includes('Access-Control-Allow-Headers')
-    ) {
-      headers['Access-Control-Allow-Headers'] = options.headers
-    }
-    if (
-      options.methods &&
-      !existingHeaders.includes('Access-Control-Allow-Methods')
-    ) {
-      headers['Access-Control-Allow-Methods'] = options.methods
-    }
+	const modifyHeaders = (headers, options, request) => {
+		const existingHeaders = Object.keys(headers);
+		if (existingHeaders.includes("Access-Control-Allow-Credentials")) {
+			options.credentials =
+				headers["Access-Control-Allow-Credentials"] === "true";
+		}
+		if (options.credentials) {
+			headers["Access-Control-Allow-Credentials"] = String(options.credentials);
+		}
+		if (
+			options.headers &&
+			!existingHeaders.includes("Access-Control-Allow-Headers")
+		) {
+			headers["Access-Control-Allow-Headers"] = options.headers;
+		}
+		if (
+			options.methods &&
+			!existingHeaders.includes("Access-Control-Allow-Methods")
+		) {
+			headers["Access-Control-Allow-Methods"] = options.methods;
+		}
-    let newOrigin
-    if (!existingHeaders.includes('Access-Control-Allow-Origin')) {
-      const eventHeaders = request.event.headers ?? {}
-      const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin
-      newOrigin = options.getOrigin(incomingOrigin, options)
-      if (newOrigin) {
-        headers['Access-Control-Allow-Origin'] = newOrigin
-      }
-    }
+		let newOrigin;
+		if (!existingHeaders.includes("Access-Control-Allow-Origin")) {
+			const eventHeaders = request.event.headers ?? {};
+			const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin;
+			newOrigin = options.getOrigin(incomingOrigin, options);
+			if (newOrigin) {
+				headers["Access-Control-Allow-Origin"] = newOrigin;
+			}
+		}
-    if (!headers.Vary) {
-      addHeaderPart(headers, 'Vary', options.vary)
-    }
+		if (!headers.Vary) {
+			addHeaderPart(headers, "Vary", options.vary);
+		}
-    if (
-      originMany ||
-      (originAny && newOrigin !== '*') ||
-      (newOrigin === '*' && options.credentials)
-    ) {
-      addHeaderPart(headers, 'Vary', 'Origin')
-    }
+		if (
+			originMany ||
+			(originAny && newOrigin !== "*") ||
+			(newOrigin === "*" && options.credentials)
+		) {
+			addHeaderPart(headers, "Vary", "Origin");
+		}
-    if (
-      options.exposeHeaders &&
-      !existingHeaders.includes('Access-Control-Expose-Headers')
-    ) {
-      headers['Access-Control-Expose-Headers'] = options.exposeHeaders
-    }
-    if (options.maxAge && !existingHeaders.includes('Access-Control-Max-Age')) {
-      headers['Access-Control-Max-Age'] = String(options.maxAge)
-    }
-    const httpMethod = getVersionHttpMethod[request.event.version ?? '1.0']?.(
-      request.event
-    )
-    if (
-      httpMethod === 'OPTIONS' &&
-      options.cacheControl &&
-      !existingHeaders.includes('Cache-Control')
-    ) {
-      headers['Cache-Control'] = options.cacheControl
-    }
-  }
+		if (
+			options.exposeHeaders &&
+			!existingHeaders.includes("Access-Control-Expose-Headers")
+		) {
+			headers["Access-Control-Expose-Headers"] = options.exposeHeaders;
+		}
+		if (options.maxAge && !existingHeaders.includes("Access-Control-Max-Age")) {
+			headers["Access-Control-Max-Age"] = String(options.maxAge);
+		}
+		const httpMethod = getVersionHttpMethod[request.event.version ?? "1.0"]?.(
+			request.event,
+		);
+		if (
+			httpMethod === "OPTIONS" &&
+			options.cacheControl &&
+			!existingHeaders.includes("Cache-Control")
+		) {
+			headers["Cache-Control"] = options.cacheControl;
+		}
+	};
-  const httpCorsMiddlewareBefore = async (request) => {
-    if (options.disableBeforePreflightResponse) return
+	const httpCorsMiddlewareBefore = async (request) => {
+		if (options.disableBeforePreflightResponse) return;
-    const method = getVersionHttpMethod[request.event.version ?? '1.0']?.(
-      request.event
-    )
-    if (method === 'OPTIONS') {
-      normalizeHttpResponse(request)
-      const headers = {}
-      modifyHeaders(headers, options, request)
-      request.response.headers = headers
-      request.response.statusCode = 204
-      return request.response
-    }
-  }
+		const method = getVersionHttpMethod[request.event.version ?? "1.0"]?.(
+			request.event,
+		);
+		if (method === "OPTIONS") {
+			normalizeHttpResponse(request);
+			const headers = {};
+			modifyHeaders(headers, options, request);
+			request.response.headers = headers;
+			request.response.statusCode = 204;
+			return request.response;
+		}
+	};
-  const httpCorsMiddlewareAfter = async (request) => {
-    normalizeHttpResponse(request)
-    const headers = structuredClone(request.response.headers)
-    modifyHeaders(headers, options, request)
-    request.response.headers = headers
-  }
-  const httpCorsMiddlewareOnError = async (request) => {
-    if (request.response === undefined) return
-    await httpCorsMiddlewareAfter(request)
-  }
-  return {
-    before: httpCorsMiddlewareBefore,
-    after: httpCorsMiddlewareAfter,
-    onError: httpCorsMiddlewareOnError
-  }
-}
+	const httpCorsMiddlewareAfter = async (request) => {
+		normalizeHttpResponse(request);
+		const headers = structuredClone(request.response.headers);
+		modifyHeaders(headers, options, request);
+		request.response.headers = headers;
+	};
+	const httpCorsMiddlewareOnError = async (request) => {
+		if (request.response === undefined) return;
+		await httpCorsMiddlewareAfter(request);
+	};
+	return {
+		before: httpCorsMiddlewareBefore,
+		after: httpCorsMiddlewareAfter,
+		onError: httpCorsMiddlewareOnError,
+	};
+};
 const getVersionHttpMethod = {
-  '1.0': (event) => event.httpMethod,
-  '2.0': (event) => event.requestContext.http.method
-}
+	"1.0": (event) => event.httpMethod,
+	"2.0": (event) => event.requestContext.http.method,
+};
 // header in offical name, lowercase varient handeled
 const addHeaderPart = (headers, header, value) => {
-  if (!value) return
-  const headerLower = header.toLowerCase()
-  header = headers[headerLower] ? headerLower : header
-  headers[header] ??= ''
-  headers[header] &&= headers[header] + ', '
-  headers[header] += value
-}
+	if (!value) return;
+	const headerLower = header.toLowerCase();
+	const sanitizedHeader = headers[headerLower] ? headerLower : header;
+	headers[sanitizedHeader] ??= "";
+	headers[sanitizedHeader] &&= `${headers[sanitizedHeader]}, `;
+	headers[sanitizedHeader] += value;
+};
-export default httpCorsMiddleware
+export default httpCorsMiddleware;

package/package.json CHANGED Viewed

@@ -1,72 +1,69 @@
 {
-  "name": "@middy/http-cors",
-  "version": "6.1.6",
-  "description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
-  "type": "module",
-  "engines": {
-    "node": ">=20"
-  },
-  "engineStrict": true,
-  "publishConfig": {
-    "access": "public"
-  },
-  "module": "./index.js",
-  "exports": {
-    ".": {
-      "import": {
-        "types": "./index.d.ts",
-        "default": "./index.js"
-      },
-      "require": {
-        "default": "./index.js"
-      }
-    }
-  },
-  "types": "index.d.ts",
-  "files": [
-    "index.js",
-    "index.d.ts"
-  ],
-  "scripts": {
-    "test": "npm run test:unit && npm run test:fuzz",
-    "test:unit": "node --test __tests__/index.js",
-    "test:fuzz": "node --test __tests__/fuzz.js",
-    "test:benchmark": "node __benchmarks__/index.js"
-  },
-  "license": "MIT",
-  "keywords": [
-    "Lambda",
-    "Middleware",
-    "Serverless",
-    "Framework",
-    "AWS",
-    "AWS Lambda",
-    "Middy",
-    "CORS",
-    "Cross-Origin Resource Sharing"
-  ],
-  "author": {
-    "name": "Middy contributors",
-    "url": "https://github.com/middyjs/middy/graphs/contributors"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/middyjs/middy.git",
-    "directory": "packages/http-cors"
-  },
-  "bugs": {
-    "url": "https://github.com/middyjs/middy/issues"
-  },
-  "homepage": "https://middy.js.org",
-  "funding": {
-    "type": "github",
-    "url": "https://github.com/sponsors/willfarrell"
-  },
-  "gitHead": "7a6c0fbb8ab71d6a2171e678697de9f237568431",
-  "dependencies": {
-    "@middy/util": "6.1.6"
-  },
-  "devDependencies": {
-    "@middy/core": "6.1.6"
-  }
+	"name": "@middy/http-cors",
+	"version": "6.2.1",
+	"description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
+	"type": "module",
+	"engines": {
+		"node": ">=20"
+	},
+	"engineStrict": true,
+	"publishConfig": {
+		"access": "public"
+	},
+	"module": "./index.js",
+	"exports": {
+		".": {
+			"import": {
+				"types": "./index.d.ts",
+				"default": "./index.js"
+			},
+			"require": {
+				"default": "./index.js"
+			}
+		}
+	},
+	"types": "index.d.ts",
+	"files": ["index.js", "index.d.ts"],
+	"scripts": {
+		"test": "npm run test:unit && npm run test:fuzz",
+		"test:unit": "node --test",
+		"test:fuzz": "node --test index.fuzz.js",
+		"test:perf": "node --test index.perf.js"
+	},
+	"license": "MIT",
+	"keywords": [
+		"Lambda",
+		"Middleware",
+		"Serverless",
+		"Framework",
+		"AWS",
+		"AWS Lambda",
+		"Middy",
+		"CORS",
+		"Cross-Origin Resource Sharing"
+	],
+	"author": {
+		"name": "Middy contributors",
+		"url": "https://github.com/middyjs/middy/graphs/contributors"
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/middyjs/middy.git",
+		"directory": "packages/http-cors"
+	},
+	"bugs": {
+		"url": "https://github.com/middyjs/middy/issues"
+	},
+	"homepage": "https://middy.js.org",
+	"funding": {
+		"type": "github",
+		"url": "https://github.com/sponsors/willfarrell"
+	},
+	"gitHead": "7a6c0fbb8ab71d6a2171e678697de9f237568431",
+	"dependencies": {
+		"@middy/util": "6.2.1"
+	},
+	"devDependencies": {
+		"@middy/core": "6.2.1"
+	}
 }