0.2.4 • Published 6 months ago
buncors v0.2.4
buncors
The cors middleware that enables a bunrest server to handle cors requests. It also handles preflight requests 😃.
Default Response Headers
If no options are provided, the response headers will be as follows:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: Content-Type
Access-Control-Max-Age: 5NOTE: The allow headers will always append Content-Type to your response headers so no need to add it to the list.
Usage Examples
Globally
import server from "bunrest";
import cors from "buncors";
const app = server();
app.use(cors());
app.listen(Bun.env.PORT, () => {
console.log(`[startup]: Server running on port "${Bun.env.PORT}"`);
});Specific Route
import server from "bunrest";
import cors from "buncors";
const app = server();
app.post("/auth", cors(), async (req, res) => {
// some processing code
res.status(200).json({ success: true });
});
app.listen(Bun.env.PORT, () => {
console.log(`[startup]: Server running on port "${Bun.env.PORT}"`);
});Preflight Example
Note that in most cases, you will not have to explicity handle a preflight request separately.
import server from "bunrest";
import cors from "buncors";
const app = server();
app.post("/auth", async (req, res) => {
// some processing code
res.status(200).json({ success: true });
});
app.options(
"/auth",
cors({
allowedHeaders: ["X-TOKEN"],
methods: ["POST"],
origins: ["www.cerebrus.dev"],
})
);
app.listen(Bun.env.PORT, () => {
console.log(`[startup]: Server running on port "${Bun.env.PORT}"`);
});CorsOptions Interface
origins?: string | string[];
methods?: string[];
allowedHeaders?: string[];
maxAge?: number;
allowCredentials?: boolean;
exposedHeaders?: string[];| Param | Type | Default | Is Required? | Description |
|---|---|---|---|---|
| origins | string, string[], undefined | * | No | Sets the Access-Control-Allow-Origin header; if set, it will dynamically return the correct origin or the first origin is not accetped. |
| methods | string[], undefined | GET,HEAD,PUT,PATCH,POST,DELETE | No | Sets the Access-Control-Allow-Methods header. |
| allowedHeaders | string[], undefined | Content-Type | No | Sets the Access-Control-Allow-Headers header; will always append Content-Type to the allowed headers. |
| maxAge | number, undefined | 5 | No | Sets the Access-Control-Max-Age header in seconds. |
| allowCredentials | boolean, undefined | undefined | No | Sets the Access-Control-Allow-Credentials header. |
| exposedHeaders | string[], undefined | undefined | No | Sets the Access-Control-Expose-Headers header. |
Changelog
v0.2.x
- Added updated build
- Added gloabl decleration compatibility
- Better handling of wildcard origin
- Removed console log statement
- Handling spaces in allowedHeaders request
- Updated handler to manage allowedHeaders regardless of ordering or case
- Enabled non preflight requests returning headers EXCEPT allowedMethods
- Now you can send exposed headers back to the client
v0.1.x
- Removed console log statement
- Added lib to NPM
- Initial commit