buncors
The cors middleware that enables a bunrest server to handle cors requests. It also handles preflight requests 😃.
Default Response Headers
If no options are provided, the response headers will be as follows:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: Content-Type
Access-Control-Max-Age: 5
NOTE: The allow headers will always append Content-Type
to your response headers so no need to add it to the list.
Usage Examples
Globally
import server from "bunrest";
import cors from "buncors";
const app = server();
app.use(cors());
app.listen(Bun.env.PORT, () => {
console.log(`[startup]: Server running on port "${Bun.env.PORT}"`);
});
Specific Route
import server from "bunrest";
import cors from "buncors";
const app = server();
app.post("/auth", cors(), async (req, res) => {
// some processing code
res.status(200).json({ success: true });
});
app.listen(Bun.env.PORT, () => {
console.log(`[startup]: Server running on port "${Bun.env.PORT}"`);
});
Preflight Example
Note that in most cases, you will not have to explicity handle a preflight request separately.
import server from "bunrest";
import cors from "buncors";
const app = server();
app.post("/auth", async (req, res) => {
// some processing code
res.status(200).json({ success: true });
});
app.options(
"/auth",
cors({
allowedHeaders: ["X-TOKEN"],
methods: ["POST"],
origins: ["www.cerebrus.dev"],
})
);
app.listen(Bun.env.PORT, () => {
console.log(`[startup]: Server running on port "${Bun.env.PORT}"`);
});
CorsOptions Interface
origins?: string | string[];
methods?: string[];
allowedHeaders?: string[];
maxAge?: number;
allowCredentials?: boolean;
exposedHeaders?: string[];
Param | Type | Default | Is Required? | Description |
---|---|---|---|---|
origins | string, string[], undefined |
* |
No | Sets the Access-Control-Allow-Origin header; if set, it will dynamically return the correct origin or the first origin is not accetped. |
methods | string[], undefined |
GET,HEAD,PUT,PATCH,POST,DELETE |
No | Sets the Access-Control-Allow-Methods header. |
allowedHeaders | string[], undefined |
Content-Type |
No | Sets the Access-Control-Allow-Headers header; will always append Content-Type to the allowed headers. |
maxAge | number, undefined |
5 |
No | Sets the Access-Control-Max-Age header in seconds. |
allowCredentials | boolean, undefined |
undefined |
No | Sets the Access-Control-Allow-Credentials header. |
exposedHeaders | string[], undefined |
undefined |
No | Sets the Access-Control-Expose-Headers header. |
Changelog
v0.2.x
v0.2.4
- Added updated build
v0.2.3
- Added gloabl decleration compatibility
v0.2.2
- Better handling of wildcard origin
v0.2.1
- Removed console log statement
- Handling spaces in allowedHeaders request
v0.2.0
- Updated handler to manage allowedHeaders regardless of ordering or case
- Enabled non preflight requests returning headers EXCEPT allowedMethods
- Now you can send exposed headers back to the client
v0.1.x
v0.1.2
- Removed console log statement
v0.1.1
- Added lib to NPM
v0.1.0
- Initial commit