Tabcorp/restify-cors-middleware

Stars
108
Rank 321,259 (Top 7 %)
Language
JavaScript
Created over 10 years ago
Updated over 1 year ago

Tabcorp/restify-cors-middleware

Tabcorp

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

CORS middleware with full W3C spec support

restify-cors-middleware

CORS middleware with full W3C spec support.

Setup

$ npm install restify-cors-middleware --save

Usage

const corsMiddleware = require('restify-cors-middleware')

const cors = corsMiddleware({
  preflightMaxAge: 5, //Optional
  origins: ['http://api.myapp.com', 'http://web.myapp.com'],
  allowHeaders: ['API-Token'],
  exposeHeaders: ['API-Token-Expiry']
})

server.pre(cors.preflight)
server.use(cors.actual)

Allowed origins

You can specify the full list of domains and subdomains allowed in your application, using strings or regular expressions.

origins: [
  'http://myapp.com',
  'http://*.myapp.com',
  /^https?:\/\/myapp.com(:[\d]+)?$/
]

For added security, this middleware sets Access-Control-Allow-Origin to the origin that matched, not the configured wildcard. This means callers won't know about other domains that are supported.

Setting origins: ['*'] is also valid, although it comes with obvious security implications. Note that it will still return a customised response (matching Origin), so any caching layer (reverse proxy or CDN) will grow in size accordingly.

Troubleshooting

As per the spec, requests without an Origin will not receive any headers. Requests with a matching Origin will receive the appropriate response headers. Always be careful that any reverse proxies (e.g. Varnish) very their cache depending on the origin, so you don't serve CORS headers to the wrong request.

Compliance to the spec

See unit tests for examples of preflight and actual requests.

supervisorui

Supervisor multi-server dashboard

strummer

Structural matching for JavaScript

redis-rate-limiter

Rate limiter middleware, backed by Redis

cli-plot

Plot values from stdin directly into your terminal

atom-mocha-test-runner

Mocha test runner for Atom Editor

ember-cli-llama-table

Easy Ember.js table component

require-lint

Verify that require statements match your package.json

make-it-static

Wordpress plugin to convert post contents into static html files

bison-types

Convert between binary and json

loop-lag

Monitor the delay on the Node.js event loop

swagger-to-md

Transform swagger to markdown

real-nock

Create stub HTTP servers that you can modify on the fly

generic-cucumber-protractor-framework

Generic Cucumber Protractor Framework

node-github-credential-scraper

Naive credential scraper for GitHub

hyperactive

Test your API by crawling the hypermedia links

node-middleware-json-parse

JSON parsing middleware

tabcorp-cucumber-protractor-framework-v2

tabcorp-cucumber-protractor-framework-v2

injectmd

Inject markdown into markdown

node-s3-log-fetcher

Fetch logs from S3

bitmap-integers

Small utility module to convert between integer representations of bitmaps and arrays

ios-lib-TBCCore

TBCCore provides useful utilities for development with objective-c on iOS and macOS

dollar-string

Helper utilities for dealing with dollar strings

js-match

Validates an entire Javascript object against a set of nested matchers

mobile-gem-egg

Minimalist Dependency Management for XCode Projects

bunyan-stream

Stream data into a bunyan logger

clever-buffer

Clever read and write utilities for buffers

nsq-cleanup

A command-line tool which cleans unused NSQ channels

strummer-middleware

Generate validating middleware with a Strummer (or Strummer like) constraint.

cli-meter

Progress bar / dynamic meter for the terminal

cli-interval

Repeat a command at a given interval, and aggregate its output

label-filter

Filtering DSL to match a set of labels

cli-average

Average values from stdout over a given interval

Uluru

emit-response-size

Emit the response size as an event