MCPcopy Index your code
hub / github.com/Effect-TS/effect / cors

Function cors

packages/platform/src/internal/httpMiddleware.ts:219–330  ·  view source on GitHub ↗
(options?: {
  readonly allowedOrigins?: ReadonlyArray<string> | Predicate.Predicate<string> | undefined
  readonly allowedMethods?: ReadonlyArray<string> | undefined
  readonly allowedHeaders?: ReadonlyArray<string> | undefined
  readonly exposedHeaders?: ReadonlyArray<string> | undefined
  readonly maxAge?: number | undefined
  readonly credentials?: boolean | undefined
})

Source from the content-addressed store, hash-verified

217
218/** @internal */
219export const cors = (options?: {
220 readonly allowedOrigins?: ReadonlyArray<string> | Predicate.Predicate<string> | undefined
221 readonly allowedMethods?: ReadonlyArray<string> | undefined
222 readonly allowedHeaders?: ReadonlyArray<string> | undefined
223 readonly exposedHeaders?: ReadonlyArray<string> | undefined
224 readonly maxAge?: number | undefined
225 readonly credentials?: boolean | undefined
226}) => {
227 const opts = {
228 allowedOrigins: [],
229 allowedMethods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
230 allowedHeaders: [],
231 exposedHeaders: [],
232 credentials: false,
233 ...options
234 }
235
236 const isAllowedOrigin = typeof opts.allowedOrigins === "function"
237 ? opts.allowedOrigins
238 : (origin: string) => (opts.allowedOrigins as ReadonlyArray<string>).includes(origin)
239
240 const allowOrigin = typeof opts.allowedOrigins === "function" || opts.allowedOrigins.length > 1 ?
241 (originHeader: string): ReadonlyRecord<string, string> | undefined => {
242 if (isAllowedOrigin(originHeader)) {
243 return {
244 "access-control-allow-origin": originHeader,
245 vary: "Origin"
246 }
247 }
248 return undefined
249 } :
250 opts.allowedOrigins.length === 1 ?
251 Function.constant({
252 "access-control-allow-origin": opts.allowedOrigins[0],
253 vary: "Origin"
254 }) :
255 Function.constant({
256 "access-control-allow-origin": "*"
257 })
258
259 const allowMethods = opts.allowedMethods.length > 0
260 ? { "access-control-allow-methods": opts.allowedMethods.join(", ") }
261 : undefined
262
263 const allowCredentials = opts.credentials
264 ? { "access-control-allow-credentials": "true" }
265 : undefined
266
267 const allowHeaders = (
268 accessControlRequestHeaders: string | undefined
269 ): ReadonlyRecord<string, string> | undefined => {
270 if (opts.allowedHeaders.length === 0 && accessControlRequestHeaders) {
271 return {
272 vary: "Access-Control-Request-Headers",
273 "access-control-allow-headers": accessControlRequestHeaders
274 }
275 }
276

Callers

nothing calls this directly

Calls 4

unsafeGetMethod · 0.80
joinMethod · 0.65
toStringMethod · 0.65

Tested by

no test coverage detected