-
Notifications
You must be signed in to change notification settings - Fork 47
/
micro-cors.js
64 lines (53 loc) · 1.2 KB
/
micro-cors.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
// MIT License
// https://github.com/possibilities/micro-cors
const DEFAULT_ALLOW_METHODS = [
'POST',
'GET',
'PUT',
'PATCH',
'DELETE',
'OPTIONS'
]
const DEFAULT_ALLOW_HEADERS = [
'X-Requested-With',
'Access-Control-Allow-Origin',
'X-HTTP-Method-Override',
'Content-Type',
'Authorization',
'Accept'
]
const DEFAULT_MAX_AGE_SECONDS = 60 * 60 * 24 // 24 hours
const cors = options => handler => (req, res, ...restArgs) => {
const {
maxAge,
origin,
allowHeaders,
exposeHeaders,
allowMethods
} = (options || {})
res.setHeader(
'Access-Control-Max-Age',
'' + (maxAge || DEFAULT_MAX_AGE_SECONDS)
)
res.setHeader(
'Access-Control-Allow-Origin',
(origin || '*')
)
res.setHeader(
'Access-Control-Allow-Methods',
(allowMethods || DEFAULT_ALLOW_METHODS).join(',')
)
res.setHeader(
'Access-Control-Allow-Headers',
(allowHeaders || DEFAULT_ALLOW_HEADERS).join(',')
)
if (exposeHeaders && exposeHeaders.length) {
res.setHeader(
'Access-Control-Expose-Headers',
exposeHeaders.join(',')
)
}
res.setHeader('Access-Control-Allow-Credentials', 'true')
return handler(req, res, ...restArgs)
}
module.exports = cors