A rewrite of expressjs/cors module.

HTTP cors header middleware.

pnpm i @tinyhttp/cors

import { cors } from '@tinyhttp/cors'

Returns the CORS middleware with the settings specified in the parameters

• origin: Can be a string defining the Access-Control-Allow-Origin value, a boolean which if set to true sets the header to '*', a Regex type, an array (for multiple origins) or a function which contains the request and response as parameters and must return the value for the Access-Control-Allow-Origin header
• methods: Array of method names which define the Access-Control-Allow-Methods header, default to all the most common methods (GET, HEAD, PUT, PATCH, POST, DELETE)
• allowedHeaders: Configures the Access-Control-Allow-Headers CORS header. Expects an array (ex: ['Content-Type', 'Authorization']).
• exposedHeaders: Configures the Access-Control-Expose-Headers CORS header. If not specified, no custom headers are exposed
• credentials: Configures the Access-Control-Allow-Credentials CORS header. Set to true to pass the header, otherwise it is omitted.
• maxAge: Configures the Access-Control-Max-Age CORS header. Set to an integer to pass the header, otherwise it is omitted.
• optionsSuccessStatus: Provides a status code to use for successful OPTIONS requests, since some legacy browsers (IE11, various SmartTVs) choke on 204.
• preflightContinue: Set 204 and finish response if true, call next if false.

The default configuration is:

{
  "origin": "*",
  "methods": ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
  "optionsSuccessStatus": 204,
  "preflightContinue": false
}

import { App } from '@tinyhttp/app'
import { cors } from '@tinyhttp/cors'

const app = new App()

app
  .use(cors({ origin: 'https://myfantastic.site/' }))
  .options('*', cors())
  .get('/', (req, res) => {
    res.send('The headers contained in my response are defined in the cors middleware')
  })
  .listen(3000)