1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.cors = void 0;
const cors = (options) => {
const defaults = {
origin: '*',
allowMethods: ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH'],
allowHeaders: [],
exposeHeaders: [],
};
const opts = {
...defaults,
...options,
};
return async (c, next) => {
await next();
function set(key, value) {
c.res.headers.append(key, value);
}
set('Access-Control-Allow-Origin', opts.origin);
// Suppose the server sends a response with an Access-Control-Allow-Origin value with an explicit origin (rather than the "*" wildcard).
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
if (opts.origin !== '*') {
set('Vary', 'Origin');
}
if (opts.credentials) {
set('Access-Control-Allow-Credentials', 'true');
}
if (opts.exposeHeaders?.length) {
set('Access-Control-Expose-Headers', opts.exposeHeaders.join(','));
}
if (c.req.method === 'OPTIONS') {
// Preflight
if (opts.maxAge != null) {
set('Access-Control-Max-Age', opts.maxAge.toString());
}
if (opts.allowMethods?.length) {
set('Access-Control-Allow-Methods', opts.allowMethods.join(','));
}
let headers = opts.allowHeaders;
if (!headers?.length) {
const requestHeaders = c.req.headers.get('Access-Control-Request-Headers');
if (requestHeaders) {
headers = requestHeaders.split(/\s*,\s*/);
}
}
if (headers?.length) {
set('Access-Control-Allow-Headers', headers.join(','));
set('Vary', 'Access-Control-Request-Headers');
}
c.res.headers.delete('Content-Length');
c.res.headers.delete('Content-Type');
c.res = new Response(null, {
headers: c.res.headers,
status: 204,
statusText: c.res.statusText,
});
}
};
};
exports.cors = cors;
|
