npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@vs-org/cors

v0.0.2

Published

This is simple CORS express middleware package to handle CORS headers and configurations.

Downloads

1

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vs-orgvs-org

Keywords

CORSexpress cors middlewareexpress corsvs corsCORS config@vs-org@vs-org/corsvs-cors

Readme

@vs-org/cors

This is simple CORS express middleware package to handle CORS headers and configurations. With this package user can keep all CORS policies configured and refered from single place rather than jumping in code for each routes CORS policies.

Usage

  1. Wild card routes (common CORS policy for all routes)

    a) CORS is configured only all routes * route and there is options route handler as well for * route. b) With below example CORS policies will be applied for all routes.

// CJS
import VsCors from "@vs-org/cors";

// Module
const VsCors = "@vs-org/cors".default;

const vsCors = VsCors([
    {
      routes: ["*"],
      corsRules: {
        allowedMethods: ["GET", "DELETE", "PUT", "POST", "PATCH"],
        allowedHeaders: ["*"],
        allowedOrigins: ["http://localhost:3000", "https://www.google.com"]
      }
    }
  ]);

  app.options("*", vsCors);
  app.post("/login", vsCors, async (req: Request, resp: Response) => {
    return resp.send("Login success response");
  });

  1. Specific CORS policies per route

    a) CORS is configured only for /login route and there is options route handler as well for /login route. b) With below example CORS policies will be only applied for /login route.

// CJS
import VsCors from "@vs-org/cors";

// Module
const VsCors = "@vs-org/cors".default;

const vsCors = VsCors([
    {
      routes: ["/login"],
      corsRules: {
        allowedMethods: ["POST"],
        allowedHeaders: ["*"],
        allowedOrigins: ["http://localhost:3000", "https://www.google.com"]
      }
    }
  ]);

  // vsCors is required with OPTIONS route, as preflight decides the CORS by browser.
  // vsCors is required with `POST` as it will be actual CORS response
  app.options("/login", vsCors);
  app.post("/login", vsCors, async (req: Request, resp: Response) => {
    return resp.send("Login success response");
  });

  1. Specific CORS policies per route, and common policy for other routes

    a) If CORS policies are needed per route then configure CORS with different rules. b) With below example we have configured * route and /login route. If any other route apart from /login is requested for eg: /delete route. Then * CORS policies will be used. c) Note even though * is configures there should be options route handling from application. Refer below example.

// CJS
import VsCors from "@vs-org/cors";

// Module
const VsCors = "@vs-org/cors".default;

const vsCors = VsCors([
    {
      routes: ["*"],
      corsRules: {
        allowedMethods: ["GET", "DELETE", "PUT", "POST", "PATCH"],
        allowedHeaders: ["*"],
        allowedOrigins: ["http://localhost:3000", "https://www.google.com"]
      }
    },
    {
      routes: ["/login"],
      corsRules: {
        allowedMethods: ["POST"],
        allowedHeaders: ["*"],
        allowedOrigins: ["http://localhost:3000", "https://www.google.com"]
      }
    }
  ]);

  app.options("/login", vsCors);
  app.post("/login", vsCors, async (req: Request, resp: Response) => {
    return resp.send("Login success response");
  });

  app.options("/delete", vsCors); // or here it can be app.options("/delete", vsCors);
  app.delete("/delete", vsCors, async (req: Request, resp: Response) => {
    return resp.send("delete success response");
  });

CORS options

| option | required | type | Description | | ---------------------- | -------- | ------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | allowedOrigins | false | string[] \| RegExp[] | This option can be used to restrict which origins can access application resources. If this option is set then Access-Control-Allow-Origin header will be configured in preflight requests (OPTIONS) response for browser to process CORS request. Actual request response will also be populated with this header. For more information follow Access-Control-Allow-Origin | | allowedMethods | false | string[] can only contain one of the "OPTIONS", "GET", "HEAD", "PATCH", "PUT", "POST", "DELETE" | This option can be used to restrict which HTTP verb / methods can be used to access application resources from other domains. If this option is set then Access-Control-Allow-Methods header will be configured in preflight requests (OPTIONS) response for browser to process CORS request. Actual request response will also be populated with this header. For more information follow Access-Control-Allow-Methods | | allowedHeaders | false | string[] | This option can be used to restrict which custom headers (except from CORS safelist headers) can be sent by client application to access application resources from other domains. If this option is set then Access-Control-Allow-Headers header will be configured in preflight requests (OPTIONS) response for browser to process CORS request. Actual request response will also be populated with this header. For more information follow Access-Control-Allow-Headers | | allowedExposeHeaders | false | string[] | This option can be used to let browser know which response headers will be accessible for client application (Javascript). If this option is set then Access-Control-Expose-Headers header will be configured in preflight requests (OPTIONS) response for browser to process CORS request. Actual request response will also be populated with this header. For more information follow Access-Control-Expose-Headers | | allowCredentials | false | boolean | This option can be used to let browser know that client application (Javascript) can include crederntials ( cookies, authorization headers, or TLS client certificates) in actual request. If this option is set then Access-Control-Allow-Credentials header will be configured in preflight requests (OPTIONS) response for browser to process CORS request. Main request response will also be populated with this header. For more information follow Access-Control-Allow-Credentials | | accessControlMaxAge | false | number | This option can be used to indicates how long the results of a preflight request (OPTIONS). If this option is set then Access-Control-Max-Age header will be configured in OPTIONS response for browser to process CORS request. Main request response will also be populated with this header. There is cap for different browsers for more information follow Access-Control-Max-Age | | responseHandler | false | Function: (req:Request, resp: Response, next: NextFunction)=> void | This option can be used to change default response from package for preflight request (OPTIONS). Note this is only applicable for preflight request (OPTIONS) for other HTTP verb / methods package will relay request to next request handler via express.NextFunction. |

License

MIT (see LICENSE)

Note

This is experimental package and not actively maintained. Please don't raise issues or feature requests. Only use for development and POC's.