Skip to content

Latest commit

 

History

History

cors

@hattip/cors

Cross-Origin Resource Sharing(CORS) middleware for Hattip.

Options

export interface CorsOptions {
  /** `Access-Control-Allow-Origin`, default is request Origin header  */
  origin?:
    | string
    | ((ctx: RequestContext) => string | false | Promise<string | false>);
  /** `Access-Control-Allow-Methods`, default is 'GET,HEAD,PUT,POST,DELETE,PATCH'  */
  allowMethods?: string | string[] | null;
  /** `Access-Control-Expose-Headers`  */
  exposeHeaders?: string | string[];
  /** `Access-Control-Allow-Headers`  */
  allowHeaders?: string | string[];
  /** `Access-Control-Max-Age` in seconds  */
  maxAge?: string | number;
  /** `Access-Control-Allow-Credentials`  */
  credentials?: boolean | ((ctx: RequestContext) => boolean | Promise<boolean>);
  /**
   * `Cross-Origin-Opener-Policy` & `Cross-Origin-Embedder-Policy` headers.',
   * default is false
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer/Planned_changes
   */
  secureContext?: boolean;
  /**
   * Handle `Access-Control-Request-Private-Network` request by return `Access-Control-Allow-Private-Network`, default to false
   * @see https://wicg.github.io/private-network-access/
   */
  privateNetworkAccess?: boolean;
}

License