buncors
A tool that brings expressjs cors functionality to bun's bunrest package.
Ecosystems:
Bun
buncors
The cors middleware that enables a bunrest server to handle cors requests. It also handles preflight requests 😃.
Default Response Headers
If no options are provided, the response headers will be as follows:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: Content-Type
Access-Control-Max-Age: 5
NOTE: The allow headers will always append Content-Type to your response headers so no need to add it to the list.
Usage Examples
Globally
import server from "bunrest";
import cors from "buncors";
const app = server();
app.use(cors());
app.listen(Bun.env.PORT, () => {
console.log(`[startup]: Server running on port "${Bun.env.PORT}"`);
});
Specific Route
import server from "bunrest";
import cors from "buncors";
const app = server();
app.post("/auth", cors(), async (req, res) => {
// some processing code
res.status(200).json({ success: true });
});
app.listen(Bun.env.PORT, () => {
console.log(`[startup]: Server running on port "${Bun.env.PORT}"`);
});
Preflight Example
Note that in most cases, you will not have to explicity handle a preflight request separately.
import server from "bunrest";
import cors from "buncors";
const app = server();
app.post("/auth", async (req, res) => {
// some processing code
res.status(200).json({ success: true });
});
app.options(
"/auth",
cors({
allowedHeaders: ["X-TOKEN"],
methods: ["POST"],
origins: ["www.cerebrus.dev"],
})
);
app.listen(Bun.env.PORT, () => {
console.log(`[startup]: Server running on port "${Bun.env.PORT}"`);
});
CorsOptions Interface
origins?: string | string[];
methods?: string[];
allowedHeaders?: string[];
maxAge?: number;
allowCredentials?: boolean;
exposedHeaders?: string[];
| Param | Type | Default | Is Required? | Description |
|---|---|---|---|---|
| origins | string, string[], undefined |
* |
No | Sets the Access-Control-Allow-Origin header; if set, it will dynamically return the correct origin or the first origin is not accetped. |
| methods | string[], undefined |
GET,HEAD,PUT,PATCH,POST,DELETE |
No | Sets the Access-Control-Allow-Methods header. |
| allowedHeaders | string[], undefined |
Content-Type |
No | Sets the Access-Control-Allow-Headers header; will always append Content-Type to the allowed headers. |
| maxAge | number, undefined |
5 |
No | Sets the Access-Control-Max-Age header in seconds. |
| allowCredentials | boolean, undefined |
undefined |
No | Sets the Access-Control-Allow-Credentials header. |
| exposedHeaders | string[], undefined |
undefined |
No | Sets the Access-Control-Expose-Headers header. |
Changelog
v0.2.x
- Added gloabl decleration compatibility
- Better handling of wildcard origin
- Removed console log statement
- Handling spaces in allowedHeaders request
- Updated handler to manage allowedHeaders regardless of ordering or case
- Enabled non preflight requests returning headers EXCEPT allowedMethods
- Now you can send exposed headers back to the client
v0.1.x
- Removed console log statement
- Added lib to NPM
- Initial commit
Package Rankings
Top 21.62% on Npmjs.org