Giter VIP home page Giter VIP logo

koa-cors's Issues

Support koa@2

Are you planning to support koa@2?

koa deprecated Support for generators will been removed in v3. See the documentation for examples of how to convert old middleware https://github.com/koajs/koa/tree/v2.x#old-signature-middleware-v1x

Add setting to yield next on OPTION request

In most cases it makes sense to just return a 204 on an OPTIONS request, but the specification says that a body can be included with the response. Could we have some sort of setting that makes the module not capture the OPTIONS request?

To clarify, I need a setting that does something like below:

if (options.captureOptions === true && this.method === 'OPTIONS') {
    this.status = 204;
} else {
    yield next;
}

Getting request origin within the origin function

How do you get the request origin from the request object that is passed to an origin function? It seems as though this object does not contain the origin, which would be very helpful for allowing a whitelist of request origins.

yield next; location problem

yield next; statement should be at the end of the middleware as it is customary (which will allow me to place the middleware in the middleware stack according to my needs). Also the response for OPTIONS request should not yield anymore. So to fix both problems at once, we can simply modify the final 'if' statement like:

if (this.method === 'OPTIONS') {
  this.status = 204;
} else {
  yield next;
}

Support Typescript @types

Hi,
I am using this lib with Typescript.
Do you plan to make a "@types/koa-cors" module? It's quite nice to have this when you're coding.

Thx

Chrome content-type on POST

Can we fix somehow this?

http://stackoverflow.com/questions/5027705/error-in-chrome-content-type-is-not-allowed-by-access-control-allow-headers

Steps to reproduce:

  • send post request on foreign domain
  • set content-type header to application/json
  • chrome makes options request
  • chrome developer toolbar shows: Access-Control-Request-Headers:accept, x-requested-with, content-type
  • but the server never gets the last one
  • cors module responds with the same what it gets
  • chrome expects to see content-type and throws "Content-Type is not allowed by Access-Control-Allow-Headers"

overrides Access-Control-Allow-Methods

Access-Control-Allow-Methods from koa-router will not be visible.
Maybe there could be an option to handle this.
Or ignoring the header field if its already set.

'settings' should be immutable

At the beginning of the middleware handler, there is:

var options = settings || defaults;

Later, at several places, the options object is modified. For example:

options.headers = this.header['access-control-request-headers'];

It means that the global middleware settings object (or defaults if no settings are specified) is modified from one request to another. I think it's dangerous and a source of bugs.

errors when passing origin as option

if you run tests in #10 you will see that when setting origin to true the middleware stringifies a function into the header.
When setting origin to false there are still cors headers set.

I think these problems will pass away when you do some testing :)

methods option doesn't work in v2?

What am I doing wrong?

I get a JSON parse error:

app
  .use(bodyParser())
  .use(cors({
    methods: ['GET', 'PUT', 'POST', 'PATCH', 'DELETE']
  }))

yield after setting headers

Hello,

I wanted to use koa-cors for my REST API but unfortunately had the problem that the cors headers are not set when an error is thrown (as there is no downstream anymore).

This leads to the problem that I get an xhr error in the browser when trying to authenticate over HTTP Basic as this is handled by koa-basic-auth as error.

Are there any reasons moving the yield next; to after the cors part?

Best,
Bo

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.