CORS

Cross origin resource sharing headers parsing

Stric provides the CORS class to parse and check request origin.

import { Router } from '@stricjs/router';
import { CORS } from '@stricjs/utils';

const cors = new CORS();

// Parsed headers without 'Access-Control-Allow-Origin' 
// if this header value is not '*'
cors.headers;

// Check if an origin exists in the allowed origins list
// This function returns the origin as 'Access-Control-Allow-Origin' if matches
cors.check('example.com');

Here's more options that you can use to specify the CORS headers to return.

import { CORS } from '@stricjs/utils';

new CORS({
    /**
     * 'Access-Control-Allow-Origin' header
     */
    allowOrigins?: string | string[];
    /**
     * 'Access-Control-Allow-Methods' header
     */
    allowMethods?: string | RequestMethod | RequestMethod[];
    /**
     * 'Access-Control-Expose-Headers' header
     */
    exposeHeaders?: string | string[];
    /**
     * 'Access-Control-Max-Age' header
     */
    maxAge?: number;
    /**
     * 'Access-Control-Allow-Credentials' header
     */
    allowCredentials?: boolean;
    /**
     * 'Access-Control-Allow-Headers' header
     */
    allowHeaders?: string | string[];
});

Last updated 1 year ago

Was this helpful?