1.0.0-beta.6
CORS protocol for standard Request and Response
Attributes
Includes Deno configuration
Repository
Current version released
3 years ago
Dependencies
deno.land/x
cors
CORS protocol utilities for standard Request and Response.
Packages
The package supports multiple platforms.
- deno.land/x -
https://deno.land/x/cors_protocol@$VERSION/mod.ts - npm -
@httpland/cors
Definition of Terms
request = same-origin-request | cross-origin-request
preflight request ∈ cross-origin-request- Cross-Origin request - A request that contains
originin the HTTP header field. - Same-Origin request - Request that is not a Cross-Origin-request
- Preflight request - A Cross-Origin request whose HTTP request method is
OPTIONSand whose HTTP header fields includeaccess-control-request-headersandaccess-control-request-method.
CORS response
When a cross-origin request arrives, a response containing a CORS header should
be returned. withCors returns a new Response object from the Request and
Response that satisfies CORS.
CORS request:
Add the access-control-allow-origin header.
import { withCors } from "https://deno.land/x/cors_protocol@$VERSION/mod.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
const corsRequest = new Request("http://api.test", {
headers: { origin: "http://cors.test" },
});
const yourResponse = new Response();
const response = withCors(corsRequest, yourResponse);
assertEquals(response.headers.get("access-control-allow-origin"), "*");CORS preflight request:
Add access-control-allow-origin, access-control-allow-methods and
access-control-allow-headers headers.
import { withCors } from "https://deno.land/x/cors_protocol@$VERSION/mod.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
const preflightRequest = new Request("http://api.test", {
method: "OPTIONS",
headers: {
origin: "http://cors.test",
"access-control-request-method": "POST",
"access-control-request-headers": "x-server",
},
});
const yourResponse = new Response("ok");
const response = withCors(preflightRequest, yourResponse);
assertEquals(response.status, 204);
assertEquals(await response.text(), "");
assertEquals(response.headers.get("access-control-allow-origin"), "*");
assertEquals(response.headers.get("access-control-allow-methods"), "POST");
assertEquals(response.headers.get("access-control-allow-headers"), "x-server");Same-origin request:
Nothing.
import { withCors } from "https://deno.land/x/cors_protocol@$VERSION/mod.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
const request = new Request("http://cors.test", {
headers: { origin: "http://cors.test" },
});
const yourResponse = new Response();
const response = withCors(request, yourResponse);
assertEquals(response, yourResponse);Customize CORS headers
The Default CORS header is as follows:
| Header field name | Default | Option name |
|---|---|---|
| access-control-allow-origin | * |
allowOrigin |
| access-control-allow-headers | Same as access-control-request-headers |
allowHeaders |
| access-control-allow-methods | Same as access-control-request-method |
allowMethods |
| access-control-allow-credentials | - | allowCredentials |
| access-control-expose-headers | - | exposeHeaders |
| access-control-max-age | - | maxAge |
import { withCors } from "https://deno.land/x/cors_protocol@$VERSION/mod.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
const corsRequest = new Request("http://api.test", {
headers: { origin: "http://cors.test" },
});
const yourResponse = new Response();
const response = withCors(corsRequest, yourResponse, {
allowOrigin: ["http://cors.test", "http://api.cors.test"].join(),
allowCredentials: true,
});
assertEquals(
response.headers.get("access-control-allow-origin"),
"http://cors.test,http://api.cors.test",
);
assertEquals(response.headers.get("access-control-allow-credentials"), "true");API
All APIs can be found in the deno doc.
License
Copyright © 2023-present httpland.
Released under the MIT license