npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hapi-modern-cors

v1.1.0

Published

Enables cors for a hapijs v17+ app after hapijs was refactored.

Downloads

342

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

daniel.gillespiedaniel.gillespie

Keywords

hapihapijscorsv17v18v19

Readme

hapi-modern-cors

Dead simple CORS responses for hapi.

https://www.npmjs.com/package/hapi-modern-cors

Description

This plugin adds cors support for your hapi project. There was a major refactor of the hapi project in v17+ that broke previously working paradigms. This plugin supports the very latest versions of hapi.

Requirements

  • NodeJS v6.4.0 or higher (ES6 support)

How does it work?

This plugin, by default, will append open and permissive CORS headers on all of your existing endpoints and responses. Additionally, OPTIONS will be enabled on all of your existing routes in order to ensure CORS pre-flight works.

Installation

npm install hapi-modern-cors --save

Usage

Add cors reference and add the register plugin code to your hapi initialization:

// ...
const cors = require('hapi-modern-cors');
// ...

// sample startup method
const server = Hapi.server(...);

// routes and config should go here BEFORE calling the plugin
// and finally...

// ...

// register plugin code here
await server.register({
    plugin: cors,
    options: {}, // Can leave empty. To customize, see `Custom Options` below
});

await server.start();

Default headers for responses

Access-Control-Allow-Origin : *

Access-Control-Allow-Credentials : false

Access-Control-Allow-Methods : GET,POST,PUT,DELETE

Access-Control-Allow-Headers : Accept, Authorization, Content-Type, If-None-Match, X-Requested-With

Access-Control-Max-Age : 1728000

Custom Options

All fields are optional and don't need to be included if you're not customizing that value. If a value is not present then the corresponding default value is used.

Sample:
{
    allowCreds: <boolean>,
    allowMethods: "<string>",
    allowHeaders: "<string>",
    allowOriginResponse: <boolean>,
    overrideOrigin: "<string>",
    maxAge: <int>,
}
Full Example:
await server.register({
    plugin: cors,
    options: {
        maxAge: 500,
        allowCreds: false,
        allowOriginResponse: false
    },
});
allowCreds

Allow credentials to be passed?

Example:
true
allowMethods

What methods do you want to allow?

Example:
'GET,POST'
allowHeaders

What headers do you want to allow in your CORS responses?

Example:
'Accept, Content-Type'
allowOriginResponse

If a request has an origin attached to it should your response attach it as the allowed origin?

Example:
false

By default, if a request has an origin attached, it will be passed back as the allowed origin in the response and credentials will be allowed.

overrideOrigin

Do you want to set an explicit origin, always?

'https://google.com'
maxAge

How long should these CORS headers be cached?

Example:
600

FAQs

Is Boom supported?

Boom is fully supported.

How do CORS pre-flight work?

Before requests can begin to use CORS a pre-flight request is typically sent to the server at the same path you're requesting. However, the request will use OPTIONS rather than GET, POST, etc. The response to this request should contain some default CORS headers. This plugin will automatically create all OPTIONS routes to enable pre-flight requests to all your existing endpoints.

What happens when the origin is set?

When origin is set in the request header then the response will set the origin from * to that origin and Allow-Credentials will be set from false to true. For security reasons, Allow-Credentials cannot be set to true when * is used for origin.

Contribute

The easiest way you can contribute is to report problems, bugs, or issues when you see them. Please use tags when you create your issues in Github. Pull requests are welcome.

License

Licensed under the GNU GENERAL PUBLIC LICENSE (Version 3, 29th June 2007)

https://www.gnu.org/licenses/gpl-3.0.en.html