diff options
Diffstat (limited to 'config/cors.ts')
-rw-r--r-- | config/cors.ts | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/config/cors.ts b/config/cors.ts new file mode 100644 index 0000000..dc0e3f6 --- /dev/null +++ b/config/cors.ts | |||
@@ -0,0 +1,134 @@ | |||
1 | /** | ||
2 | * Config source: https://git.io/JfefC | ||
3 | * | ||
4 | * Feel free to let us know via PR, if you find something broken in this config | ||
5 | * file. | ||
6 | */ | ||
7 | |||
8 | import { CorsConfig } from '@ioc:Adonis/Core/Cors'; | ||
9 | |||
10 | const corsConfig: CorsConfig = { | ||
11 | /* | ||
12 | |-------------------------------------------------------------------------- | ||
13 | | Enabled | ||
14 | |-------------------------------------------------------------------------- | ||
15 | | | ||
16 | | A boolean to enable or disable CORS integration from your AdonisJs | ||
17 | | application. | ||
18 | | | ||
19 | | Setting the value to `true` will enable the CORS for all HTTP request. However, | ||
20 | | you can define a function to enable/disable it on per request basis as well. | ||
21 | | | ||
22 | */ | ||
23 | enabled: false, | ||
24 | |||
25 | // You can also use a function that return true or false. | ||
26 | // enabled: (request) => request.url().startsWith('/api') | ||
27 | |||
28 | /* | ||
29 | |-------------------------------------------------------------------------- | ||
30 | | Origin | ||
31 | |-------------------------------------------------------------------------- | ||
32 | | | ||
33 | | Set a list of origins to be allowed for `Access-Control-Allow-Origin`. | ||
34 | | The value can be one of the following: | ||
35 | | | ||
36 | | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin | ||
37 | | | ||
38 | | Boolean (true) - Allow current request origin. | ||
39 | | Boolean (false) - Disallow all. | ||
40 | | String - Comma separated list of allowed origins. | ||
41 | | Array - An array of allowed origins. | ||
42 | | String (*) - A wildcard (*) to allow all request origins. | ||
43 | | Function - Receives the current origin string and should return | ||
44 | | one of the above values. | ||
45 | | | ||
46 | */ | ||
47 | origin: true, | ||
48 | |||
49 | /* | ||
50 | |-------------------------------------------------------------------------- | ||
51 | | Methods | ||
52 | |-------------------------------------------------------------------------- | ||
53 | | | ||
54 | | An array of allowed HTTP methods for CORS. The `Access-Control-Request-Method` | ||
55 | | is checked against the following list. | ||
56 | | | ||
57 | | Following is the list of default methods. Feel free to add more. | ||
58 | */ | ||
59 | methods: ['GET', 'HEAD', 'POST', 'PUT', 'DELETE'], | ||
60 | |||
61 | /* | ||
62 | |-------------------------------------------------------------------------- | ||
63 | | Headers | ||
64 | |-------------------------------------------------------------------------- | ||
65 | | | ||
66 | | List of headers to be allowed for `Access-Control-Allow-Headers` header. | ||
67 | | The value can be one of the following: | ||
68 | | | ||
69 | | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers | ||
70 | | | ||
71 | | Boolean(true) - Allow all headers mentioned in `Access-Control-Request-Headers`. | ||
72 | | Boolean(false) - Disallow all headers. | ||
73 | | String - Comma separated list of allowed headers. | ||
74 | | Array - An array of allowed headers. | ||
75 | | Function - Receives the current header and should return one of the above values. | ||
76 | | | ||
77 | */ | ||
78 | headers: true, | ||
79 | |||
80 | /* | ||
81 | |-------------------------------------------------------------------------- | ||
82 | | Expose Headers | ||
83 | |-------------------------------------------------------------------------- | ||
84 | | | ||
85 | | A list of headers to be exposed by setting `Access-Control-Expose-Headers`. | ||
86 | | header. By default following 6 simple response headers are exposed. | ||
87 | | | ||
88 | | Cache-Control | ||
89 | | Content-Language | ||
90 | | Content-Type | ||
91 | | Expires | ||
92 | | Last-Modified | ||
93 | | Pragma | ||
94 | | | ||
95 | | In order to add more headers, simply define them inside the following array. | ||
96 | | | ||
97 | | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers | ||
98 | | | ||
99 | */ | ||
100 | exposeHeaders: [ | ||
101 | 'cache-control', | ||
102 | 'content-language', | ||
103 | 'content-type', | ||
104 | 'expires', | ||
105 | 'last-modified', | ||
106 | 'pragma', | ||
107 | ], | ||
108 | |||
109 | /* | ||
110 | |-------------------------------------------------------------------------- | ||
111 | | Credentials | ||
112 | |-------------------------------------------------------------------------- | ||
113 | | | ||
114 | | Toggle `Access-Control-Allow-Credentials` header. If value is set to `true`, | ||
115 | | then header will be set, otherwise not. | ||
116 | | | ||
117 | | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials | ||
118 | | | ||
119 | */ | ||
120 | credentials: true, | ||
121 | |||
122 | /* | ||
123 | |-------------------------------------------------------------------------- | ||
124 | | MaxAge | ||
125 | |-------------------------------------------------------------------------- | ||
126 | | | ||
127 | | Define `Access-Control-Max-Age` header in seconds. | ||
128 | | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age | ||
129 | | | ||
130 | */ | ||
131 | maxAge: 90, | ||
132 | }; | ||
133 | |||
134 | export default corsConfig; | ||