@elysiajs/cors
v1.1.1
Published
Plugin for Elysia that for Cross Origin Requests (CORs)
Downloads
113,722
Readme
@elysiajs/cors
Plugin for elysia that for Cross Origin Requests (CORs)
Installation
bun add @elysiajs/cors
Example
import { Elysia } from 'elysia'
import { cors } from '@elysiajs/cors'
const app = new Elysia()
.use(cors())
.listen(8080)
Config
origin
@default true
Assign the Access-Control-Allow-Origin header.
Value can be one of the following:
string
- String of origin which will directly assign toAccess-Control-Allow-Origin
boolean
- If set to true,Access-Control-Allow-Origin
will be set to*
(accept all origin)RegExp
- Pattern to use to test with request's url, will accept origin if matched.Function
- Custom logic to validate origin acceptance or not. will accept origin iftrue
is returned.- Function will accepts
Context
just likeHandler
// Example usage app.use(cors, { origin: ({ request, headers }) => true }) // Type Definition type CORSOriginFn = (context: Context) => boolean | void
- Function will accepts
Array<string | RegExp | Function>
- Will try to find truthy value of all options above. Will accept Request if one istrue
.
methods
@default *
Assign Access-Control-Allow-Methods header.
Value can be one of the following: Accept:
undefined | null | ''
- Ignore all methods.*
- Accept all methods.HTTPMethod
- Will be directly set to Access-Control-Allow-Methods.- Expects either a single method or a comma-delimited string (eg: 'GET, PUT, POST')
HTTPMethod[]
- Allow multiple HTTP methods.- eg: ['GET', 'PUT', 'POST']
allowedHeaders
@default *
Assign Access-Control-Allow-Headers header.
Allow incoming request with the specified headers.
Value can be one of the following:
string
- Expects either a single method or a comma-delimited string (eg: 'Content-Type, Authorization').
string[]
- Allow multiple HTTP methods.- eg: ['Content-Type', 'Authorization']
exposedHeaders
@default *
Assign Access-Control-Exposed-Headers header.
Return the specified headers to request in CORS mode.
Value can be one of the following:
string
- Expects either a single method or a comma-delimited string (eg: 'Content-Type, 'X-Powered-By').
string[]
- Allow multiple HTTP methods.- eg: ['Content-Type', 'X-Powered-By']
credentials
@default true
Assign Access-Control-Allow-Credentials header.
Allow incoming requests to send credentials
header.
boolean
- Available if set totrue
.
maxAge
@default 5
Assign Access-Control-Max-Age header.
Allow incoming requests to send credentials
header.
number
- Duration in seconds to indicates how long the results of a preflight request can be cached.
preflight
@default true
Add [OPTIONS] /*
handler to handle preflight request which response with HTTP 204
and CORS hints.
boolean
- Available if set totrue
.