(response: NextResponse, policy: CorsPolicy)
// Preflight cache lifetime as a decimal string of seconds: 86400 s = 24 h.
// NOTE(review): presumably sent as Access-Control-Max-Age by the preflight
// builder; that code is not visible in this excerpt, so confirm.
// Browsers cap this value (Chromium at 7200 s, Firefox at 86400 s), so the
// effective lifetime may be shorter than what is configured here. A cached
// preflight also means a tightened policy (a removed method or header) is not
// seen by a browser until its cached entry expires.
const CORS_PREFLIGHT_MAX_AGE = '86400'
| 101 | |
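/**
 * Writes the CORS response headers described by `policy` onto `response`.
 *
 * - `Access-Control-Allow-Origin`, `-Methods` and `-Headers` are copied from
 *   the policy unchanged.
 * - `Access-Control-Allow-Credentials` is only ever sent as `true`, and never
 *   together with a wildcard origin. Browsers reject `*` plus credentials, and
 *   the header has no defined `false` value, so in every other case any value
 *   already on the response is removed instead.
 * - For a non-wildcard origin, `Origin` is added to `Vary` so shared caches do
 *   not serve one origin's response to another. Existing `Vary` entries are
 *   kept rather than overwritten.
 *
 * NOTE(review): this function trusts `policy.origin` as given. Matching the
 * request's Origin against an allowlist has to happen where the policy is
 * built; that code is not visible here, so confirm it does not simply echo
 * the request header.
 *
 * @param response - Response whose headers are mutated in place.
 * @param policy - CORS policy to apply.
 */
function applyCorsHeaders(response: NextResponse, policy: CorsPolicy): void {
  const { headers } = response
  const isWildcardOrigin = policy.origin === '*'

  headers.set('Access-Control-Allow-Origin', policy.origin)

  // String() mirrors how the flag was serialised before this change, so the
  // comparison does not depend on the declared type of `credentials`.
  if (String(policy.credentials) === 'true' && !isWildcardOrigin) {
    headers.set('Access-Control-Allow-Credentials', 'true')
  } else {
    // Also clears a 'true' left by an earlier layer, matching the old
    // behaviour of overwriting whatever was there.
    headers.delete('Access-Control-Allow-Credentials')
  }

  headers.set('Access-Control-Allow-Methods', policy.methods)
  headers.set('Access-Control-Allow-Headers', policy.headers)

  if (!isWildcardOrigin) {
    // Append instead of set: overwriting Vary would drop entries added by the
    // framework or other middleware and let caches mix up their variants.
    const varyTokens = (headers.get('Vary') ?? '')
      .split(',')
      .map((token) => token.trim().toLowerCase())
    if (!varyTokens.includes('origin') && !varyTokens.includes('*')) {
      headers.append('Vary', 'Origin')
    }
  }
}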
| 111 | |
| 112 | /** Next's auto-OPTIONS doesn't carry middleware headers, so we answer preflight here. */ |
| 113 | function buildPreflightResponse(policy: CorsPolicy): NextResponse { |
no test coverage detected