(options?: {
readonly allowedOrigins?: ReadonlyArray<string> | Predicate.Predicate<string> | undefined
readonly allowedMethods?: ReadonlyArray<string> | undefined
readonly allowedHeaders?: ReadonlyArray<string> | undefined
readonly exposedHeaders?: ReadonlyArray<string> | undefined
readonly maxAge?: number | undefined
readonly credentials?: boolean | undefined
})
| 217 | |
| 218 | /** @internal */ |
| 219 | export const cors = (options?: { |
| 220 | readonly allowedOrigins?: ReadonlyArray<string> | Predicate.Predicate<string> | undefined |
| 221 | readonly allowedMethods?: ReadonlyArray<string> | undefined |
| 222 | readonly allowedHeaders?: ReadonlyArray<string> | undefined |
| 223 | readonly exposedHeaders?: ReadonlyArray<string> | undefined |
| 224 | readonly maxAge?: number | undefined |
| 225 | readonly credentials?: boolean | undefined |
| 226 | }) => { |
| 227 | const opts = { |
| 228 | allowedOrigins: [], |
| 229 | allowedMethods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"], |
| 230 | allowedHeaders: [], |
| 231 | exposedHeaders: [], |
| 232 | credentials: false, |
| 233 | ...options |
| 234 | } |
| 235 | |
| 236 | const isAllowedOrigin = typeof opts.allowedOrigins === "function" |
| 237 | ? opts.allowedOrigins |
| 238 | : (origin: string) => (opts.allowedOrigins as ReadonlyArray<string>).includes(origin) |
| 239 | |
| 240 | const allowOrigin = typeof opts.allowedOrigins === "function" || opts.allowedOrigins.length > 1 ? |
| 241 | (originHeader: string): ReadonlyRecord<string, string> | undefined => { |
| 242 | if (isAllowedOrigin(originHeader)) { |
| 243 | return { |
| 244 | "access-control-allow-origin": originHeader, |
| 245 | vary: "Origin" |
| 246 | } |
| 247 | } |
| 248 | return undefined |
| 249 | } : |
| 250 | opts.allowedOrigins.length === 1 ? |
| 251 | Function.constant({ |
| 252 | "access-control-allow-origin": opts.allowedOrigins[0], |
| 253 | vary: "Origin" |
| 254 | }) : |
| 255 | Function.constant({ |
| 256 | "access-control-allow-origin": "*" |
| 257 | }) |
| 258 | |
| 259 | const allowMethods = opts.allowedMethods.length > 0 |
| 260 | ? { "access-control-allow-methods": opts.allowedMethods.join(", ") } |
| 261 | : undefined |
| 262 | |
| 263 | const allowCredentials = opts.credentials |
| 264 | ? { "access-control-allow-credentials": "true" } |
| 265 | : undefined |
| 266 | |
| 267 | const allowHeaders = ( |
| 268 | accessControlRequestHeaders: string | undefined |
| 269 | ): ReadonlyRecord<string, string> | undefined => { |
| 270 | if (opts.allowedHeaders.length === 0 && accessControlRequestHeaders) { |
| 271 | return { |
| 272 | vary: "Access-Control-Request-Headers", |
| 273 | "access-control-allow-headers": accessControlRequestHeaders |
| 274 | } |
| 275 | } |
| 276 |
nothing calls this directly
no test coverage detected