deflight v1.0.4

De-flight

A middleware wrapper for express that skips calling the middleware for pre-flight requests.

Installation

# Yarn
yarn add deflight

# NPM
npm install deflight

The package exports both a named and a default export:

import { deflight } from "deflight";
// Or
import deflight from "deflight";

app.use(deflight(someMiddleware));

When to use it?

If your app serves requests coming from a different origin than your server is hosted on, and you need to do something specifically with the pre-flight requests, for example, sending the Access-Control-Allow-Methods header on a per-route basis:

app.use(deflight(someExpensiveMiddleware));

app.all('/example', (req, res, next) => {
  if ((req.method || '').toLowerCase() === 'options') {
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
    res.setHeader('Content-Length', '0');

    return res.status(204).end();
  }
  
  // Route logic
});

Gotchas

Using with the CORS middleware

You need to enable the preflightContinue option to let the CORS middleware pass the pre-flight request to subsequent middlewares and not return early.

app.use(
  cors({
    origin: "https://example.com",
    preflightContinue: true, // Required
  })
);

TypeScript

The wrapper uses the default Request type from the express package. If you have extended the request object, or your middleware expects a different request object:

interface ExtendedRequest extends Request {
    customProp: string;
}

app.use(deflight<ExtendedRequest>(someMiddleware));

License

Deflight is released under the MIT License.