@middy/http-cors 7.1.1 → 7.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -0
- package/index.d.ts +7 -2
- package/index.js +29 -15
- package/package.json +5 -5
package/README.md
CHANGED
|
@@ -30,6 +30,23 @@
|
|
|
30
30
|
<p>You can read the documentation at: <a href="https://middy.js.org/docs/middlewares/http-cors">https://middy.js.org/docs/middlewares/http-cors</a></p>
|
|
31
31
|
</div>
|
|
32
32
|
|
|
33
|
+
## Install
|
|
34
|
+
|
|
35
|
+
```bash
|
|
36
|
+
npm install --save @middy/http-cors
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
|
|
40
|
+
## Documentation and examples
|
|
41
|
+
|
|
42
|
+
For documentation and examples, refer to the main [Middy monorepo on GitHub](https://github.com/middyjs/middy) or [Middy official website](https://middy.js.org/docs/middlewares/http-cors).
|
|
43
|
+
|
|
44
|
+
|
|
45
|
+
## Contributing
|
|
46
|
+
|
|
47
|
+
Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/middyjs/middy/issues) or to [submit Pull Requests](https://github.com/middyjs/middy/pulls).
|
|
48
|
+
|
|
49
|
+
|
|
33
50
|
## License
|
|
34
51
|
|
|
35
52
|
Licensed under [MIT License](LICENSE). Copyright (c) 2017-2026 [will Farrell](https://github.com/willfarrell), [Luciano Mammino](https://github.com/lmammino), and [Middy contributors](https://github.com/middyjs/middy/graphs/contributors).
|
package/index.d.ts
CHANGED
|
@@ -3,7 +3,10 @@
|
|
|
3
3
|
import type middy from "@middy/core";
|
|
4
4
|
|
|
5
5
|
export interface Options {
|
|
6
|
-
getOrigin?: (
|
|
6
|
+
getOrigin?: (
|
|
7
|
+
incomingOrigin: string,
|
|
8
|
+
options: Options,
|
|
9
|
+
) => string | null | undefined;
|
|
7
10
|
credentials?: boolean | string;
|
|
8
11
|
disableBeforePreflightResponse?: boolean;
|
|
9
12
|
headers?: string;
|
|
@@ -18,6 +21,8 @@ export interface Options {
|
|
|
18
21
|
vary?: string;
|
|
19
22
|
}
|
|
20
23
|
|
|
21
|
-
declare function httpCors(
|
|
24
|
+
declare function httpCors(
|
|
25
|
+
options?: Options,
|
|
26
|
+
): middy.MiddlewareObj<unknown, unknown, Error>;
|
|
22
27
|
|
|
23
28
|
export default httpCors;
|
package/index.js
CHANGED
|
@@ -62,7 +62,6 @@ const httpCorsMiddleware = (opts = {}) => {
|
|
|
62
62
|
if (originDynamic.some((regExp) => regExp.test(incomingOrigin))) {
|
|
63
63
|
return incomingOrigin;
|
|
64
64
|
}
|
|
65
|
-
// TODO v8 deprecate `else`
|
|
66
65
|
} else {
|
|
67
66
|
if (incomingOrigin && options.credentials && options.origin === "*") {
|
|
68
67
|
return incomingOrigin;
|
|
@@ -77,6 +76,22 @@ const httpCorsMiddleware = (opts = {}) => {
|
|
|
77
76
|
...opts,
|
|
78
77
|
};
|
|
79
78
|
|
|
79
|
+
if (
|
|
80
|
+
options.requestHeaders !== undefined &&
|
|
81
|
+
!Array.isArray(options.requestHeaders)
|
|
82
|
+
) {
|
|
83
|
+
throw new Error("requestHeaders must be an array", {
|
|
84
|
+
cause: { package: "@middy/http-cors" },
|
|
85
|
+
});
|
|
86
|
+
}
|
|
87
|
+
if (
|
|
88
|
+
options.requestMethods !== undefined &&
|
|
89
|
+
!Array.isArray(options.requestMethods)
|
|
90
|
+
) {
|
|
91
|
+
throw new Error("requestMethods must be an array", {
|
|
92
|
+
cause: { package: "@middy/http-cors" },
|
|
93
|
+
});
|
|
94
|
+
}
|
|
80
95
|
options.requestHeaders = options.requestHeaders?.map((v) => v.toLowerCase());
|
|
81
96
|
options.requestMethods = options.requestMethods?.map((v) => v.toUpperCase());
|
|
82
97
|
|
|
@@ -111,8 +126,7 @@ const httpCorsMiddleware = (opts = {}) => {
|
|
|
111
126
|
}
|
|
112
127
|
|
|
113
128
|
const modifyHeaders = (headers, options, request) => {
|
|
114
|
-
|
|
115
|
-
if (existingHeaders.includes("Access-Control-Allow-Credentials")) {
|
|
129
|
+
if (Object.hasOwn(headers, "Access-Control-Allow-Credentials")) {
|
|
116
130
|
options.credentials =
|
|
117
131
|
headers["Access-Control-Allow-Credentials"] === "true";
|
|
118
132
|
}
|
|
@@ -121,19 +135,19 @@ const httpCorsMiddleware = (opts = {}) => {
|
|
|
121
135
|
}
|
|
122
136
|
if (
|
|
123
137
|
options.headers &&
|
|
124
|
-
!
|
|
138
|
+
!Object.hasOwn(headers, "Access-Control-Allow-Headers")
|
|
125
139
|
) {
|
|
126
140
|
headers["Access-Control-Allow-Headers"] = options.headers;
|
|
127
141
|
}
|
|
128
142
|
if (
|
|
129
143
|
options.methods &&
|
|
130
|
-
!
|
|
144
|
+
!Object.hasOwn(headers, "Access-Control-Allow-Methods")
|
|
131
145
|
) {
|
|
132
146
|
headers["Access-Control-Allow-Methods"] = options.methods;
|
|
133
147
|
}
|
|
134
148
|
|
|
135
149
|
let newOrigin;
|
|
136
|
-
if (!
|
|
150
|
+
if (!Object.hasOwn(headers, "Access-Control-Allow-Origin")) {
|
|
137
151
|
const eventHeaders = request.event.headers ?? {};
|
|
138
152
|
const incomingOrigin = eventHeaders.Origin ?? eventHeaders.origin;
|
|
139
153
|
newOrigin = options.getOrigin(incomingOrigin, options);
|
|
@@ -156,11 +170,11 @@ const httpCorsMiddleware = (opts = {}) => {
|
|
|
156
170
|
|
|
157
171
|
if (
|
|
158
172
|
options.exposeHeaders &&
|
|
159
|
-
!
|
|
173
|
+
!Object.hasOwn(headers, "Access-Control-Expose-Headers")
|
|
160
174
|
) {
|
|
161
175
|
headers["Access-Control-Expose-Headers"] = options.exposeHeaders;
|
|
162
176
|
}
|
|
163
|
-
if (options.maxAge && !
|
|
177
|
+
if (options.maxAge && !Object.hasOwn(headers, "Access-Control-Max-Age")) {
|
|
164
178
|
headers["Access-Control-Max-Age"] = String(options.maxAge);
|
|
165
179
|
}
|
|
166
180
|
const httpMethod = getVersionHttpMethod[request.event.version ?? "1.0"]?.(
|
|
@@ -169,13 +183,13 @@ const httpCorsMiddleware = (opts = {}) => {
|
|
|
169
183
|
if (
|
|
170
184
|
httpMethod === "OPTIONS" &&
|
|
171
185
|
options.cacheControl &&
|
|
172
|
-
!
|
|
186
|
+
!Object.hasOwn(headers, "Cache-Control")
|
|
173
187
|
) {
|
|
174
188
|
headers["Cache-Control"] = options.cacheControl;
|
|
175
189
|
}
|
|
176
190
|
};
|
|
177
191
|
|
|
178
|
-
const httpCorsMiddlewareBefore =
|
|
192
|
+
const httpCorsMiddlewareBefore = (request) => {
|
|
179
193
|
if (options.disableBeforePreflightResponse) return;
|
|
180
194
|
|
|
181
195
|
const method = getVersionHttpMethod[request.event.version ?? "1.0"]?.(
|
|
@@ -225,15 +239,15 @@ const httpCorsMiddleware = (opts = {}) => {
|
|
|
225
239
|
}
|
|
226
240
|
};
|
|
227
241
|
|
|
228
|
-
const httpCorsMiddlewareAfter =
|
|
242
|
+
const httpCorsMiddlewareAfter = (request) => {
|
|
229
243
|
normalizeHttpResponse(request);
|
|
230
|
-
const headers =
|
|
244
|
+
const headers = { ...request.response.headers };
|
|
231
245
|
modifyHeaders(headers, options, request);
|
|
232
246
|
request.response.headers = headers;
|
|
233
247
|
};
|
|
234
|
-
const httpCorsMiddlewareOnError =
|
|
235
|
-
if (request.response === undefined) return;
|
|
236
|
-
|
|
248
|
+
const httpCorsMiddlewareOnError = (request) => {
|
|
249
|
+
if (typeof request.response === "undefined") return;
|
|
250
|
+
httpCorsMiddlewareAfter(request);
|
|
237
251
|
};
|
|
238
252
|
return {
|
|
239
253
|
before: httpCorsMiddlewareBefore,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@middy/http-cors",
|
|
3
|
-
"version": "7.1.
|
|
3
|
+
"version": "7.1.3",
|
|
4
4
|
"description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"engines": {
|
|
@@ -63,12 +63,12 @@
|
|
|
63
63
|
"type": "github",
|
|
64
64
|
"url": "https://github.com/sponsors/willfarrell"
|
|
65
65
|
},
|
|
66
|
-
"gitHead": "7a6c0fbb8ab71d6a2171e678697de9f237568431",
|
|
67
66
|
"dependencies": {
|
|
68
|
-
"@middy/util": "7.1.
|
|
67
|
+
"@middy/util": "7.1.3"
|
|
69
68
|
},
|
|
70
69
|
"devDependencies": {
|
|
71
|
-
"@middy/core": "7.1.
|
|
72
|
-
"@types/aws-lambda": "^8.0.0"
|
|
70
|
+
"@middy/core": "7.1.3",
|
|
71
|
+
"@types/aws-lambda": "^8.0.0",
|
|
72
|
+
"@types/node": "^22.0.0"
|
|
73
73
|
}
|
|
74
74
|
}
|