sirtimbly/bewcloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c1443191ce4f4b38480bbf7da355f20878fb5574
bewcloud/routes/_middleware.tsx
Bruno Bernardino c1443191ce Better CORS response
2024-04-07 08:25:07 +01:00

73 lines
2.5 KiB
TypeScript
Raw Blame History

import { FreshContext } from 'fresh/server.ts';
import { FreshContextState } from '/lib/types.ts';
import { getDataFromRequest } from '/lib/auth.ts';
export const handler = [
async function handleCors(request: Request, context: FreshContext<FreshContextState>) {
if (request.method == 'OPTIONS') {
const response = new Response(null, {
status: 204,
});
const origin = request.headers.get('Origin') || '*';
const headers = response.headers;
headers.set('Access-Control-Allow-Origin', origin);
headers.set('Access-Control-Allow-Credentials', 'true');
headers.set('Access-Control-Allow-Methods', 'POST, OPTIONS, GET, PUT, DELETE');
headers.set(
'Access-Control-Allow-Headers',
'Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With',
);
return response;
}
const origin = request.headers.get('Origin') || '*';
const response = await context.next();
const headers = response.headers;
headers.set('Access-Control-Allow-Origin', origin);
headers.set('Access-Control-Allow-Credentials', 'true');
headers.set(
'Access-Control-Allow-Headers',
'Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With',
);
headers.set(
'Access-Control-Allow-Methods',
'POST, OPTIONS, GET, PUT, DELETE',
);
headers.set(
'Content-Security-Policy',
"default-src 'self'; child-src 'none'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'",
);
headers.set('X-Frame-Options', 'DENY');
headers.set('X-Content-Type-Options', 'nosniff');
headers.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
return response;
},
async function handleContextState(request: Request, context: FreshContext<FreshContextState>) {
const { user, session } = (await getDataFromRequest(request)) || {};
if (user) {
context.state.user = user;
}
if (session) {
context.state.session = session;
}
const response = await context.next();
return response;
},
async function handleLogging(request: Request, context: FreshContext<FreshContextState>) {
const response = await context.next();
console.info(`${new Date().toISOString()} - [${response.status}] ${request.method} ${request.url}`);
return response;
},
];
Reference in New Issue View Git Blame Copy Permalink