Taxum / @taxum/core / middleware/cors / CorsLayer
Class: CorsLayer
Defined in: middleware/cors/index.ts:45
A layer that sets CORS headers on the response.
Example
import { CorsLayer } from "@taxum/core/middleware/cors";
import { m, Router } from "@taxum/core/routing";
const router = new Router()
.route("/", m.get(() => "Hello World))
.layer(CorsLayer.permissive());See
Implements
Constructors
Constructor
new CorsLayer():
CorsLayer
Returns
CorsLayer
Methods
allowCredentials()
allowCredentials(
allowCredentials):this
Defined in: middleware/cors/index.ts:102
Sets the Access-Control-Allow-Credentials header.
Parameters
allowCredentials
Returns
this
See
Example
import { CorsLayer } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowCredentials(true);allowHeaders()
allowHeaders(
allowHeaders):this
Defined in: middleware/cors/index.ts:131
Sets the Access-Control-Allow-Headers header.
Note that Access-Control-Allow-Headers is required for requests that have Access-Control-Request-Headers.
Parameters
allowHeaders
Returns
this
See
Examples
import { CorsLayer } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowHeaders(["authorization", "accept"]);All headers can be allowed with:
import { CorsLayer, ANY } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowHeaders(ANY);allowMethods()
allowMethods(
allowMethods):this
Defined in: middleware/cors/index.ts:157
Sets the Access-Control-Allow-Methods header.
Parameters
allowMethods
Returns
this
See
Examples
import { CorsLayer } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowMethods(["GET", "POST"]);All methods can be allowed with:
import { CorsLayer, ANY } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowMethods(ANY);allowOrigin()
allowOrigin(
allowOrigin):this
Defined in: middleware/cors/index.ts:204
Sets the Access-Control-Allow-Origin header.
Parameters
allowOrigin
Returns
this
See
Examples
import { CorsLayer } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowOrigin("https://example.com");Multiple origins can be allowed with:
import { CorsLayer } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowOrigin(["http://example.com", "https://api.example.com"]);All origins can be allowed with:
import { CorsLayer, ANY } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowOrigin(ANY);You can also use a function to dynamically determine the allowed origin:
import { CorsLayer, ANY } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowOrigin((origin, parts) => {
if (req.headers.get("x-custom-header") === "true") {
return "https://example.com";
}
});
***
### allowPrivateNetwork()
> **allowPrivateNetwork**(`allowPrivateNetwork`): `this`
Defined in: [middleware/cors/index.ts:221](https://github.com/DASPRiD/taxum/blob/46b98bf06515c5f43be41ed1ffe565699afbccf2/packages/core/src/middleware/cors/index.ts#L221)
Sets the `Access-Control-Allow-Private-Network` header.
#### Parameters
##### allowPrivateNetwork
[`AllowPrivateNetworkLike`](../type-aliases/AllowPrivateNetworkLike.md)
#### Returns
`this`
#### See
[MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Private-Network)
#### Example
```ts
import { CorsLayer } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().allowPrivateNetwork(true);exposeHeaders()
exposeHeaders(
exposeHeaders):this
Defined in: middleware/cors/index.ts:247
Sets the Access-Control-Expose-Headers header.
Parameters
exposeHeaders
Returns
this
See
Example
import { CorsLayer } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().exposeHeaders(["content-encoding"]);All headers can be allowed with:
@example
import { CorsLayer, ANY } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().exposeHeaders(ANY);layer()
layer(
inner):HttpService
Defined in: middleware/cors/index.ts:307
Parameters
inner
Returns
Throws
Error if the CORS configuration is invalid.
Implementation of
maxAge()
maxAge(
maxAge):this
Defined in: middleware/cors/index.ts:282
Sets the Access-Control-Max-Age header.
Parameters
maxAge
Returns
this
See
Examples
import { CorsLayer } from "@taxum/core/middleware/cors";
const layer = CorsLayer.default().maxAge(600);By default, the header will not be set which disables caching and will require a preflight request for each request.
Note that each browser has a maximum internal value that takes precedence when the Access-Control-Max-Age header is greater.
If you need more flexibility, you can supply a function which can dynamically decide the max-age based on the origin and other parts of each preflight request:
import { CorsLayer } from "@taxum/core/middleware/cors";
import { MaxAge } from "@taxum/core/middleware/cors/max-age";
const layer = CorsLayer.default().maxAge((origin, parts) => 600);vary()
vary(
vary):this
Defined in: middleware/cors/index.ts:299
Sets the Vary header.
In contrast to other headers, this one has a non-empty default of PREFLIGHT_REQUEST_HEADERS.
You only need to set this if you want to remove some of these defaults, or if you use a function for one of the other headers and want to add a vary header accordingly.
Parameters
vary
Returns
this
See
permissive()
staticpermissive():CorsLayer
Defined in: middleware/cors/index.ts:63
A permissive configuration:
- All request headers allowed.
- All methods allowed.
- All origins allowed.
- All headers exposed.
Returns
CorsLayer
veryPermissive()
staticveryPermissive():CorsLayer
Defined in: middleware/cors/index.ts:82
A very permissive configuration:
- Credentials allowed.
- The method received in
Access-Control-Request-Methodis sent back as an allowed method. - The origin of the preflight request is sent back as an allowed origin.
- The header names received in
Access-Control-Request-Headersare sent back as allowed headers. - No headers are currently exposed, but this may change in the future.
Returns
CorsLayer