diff --git a/README.md b/README.md index 7825dad..31a8a67 100644 --- a/README.md +++ b/README.md @@ -11,20 +11,46 @@ all server response, securely from all origins, with `access-control-allow-crede ## Example +### Hapi v17 ```js -var Hapi = require('hapi') -var corsHeaders = require('hapi-cors-headers') +const Hapi = require('hapi'); +const corsHeaders = require('hapi-cors-headers'); -var server = new Hapi.Server() +const server = Hapi.Server({ port: 3000 }); + +const provision = async () => { + await server.register(corsHeaders); + ... + await server.start(); +}; + +provision(); +``` + +### Hapi v16 + +```js +const Hapi = require('hapi'); +const corsHeaders = require('hapi-cors-headers'); + +const server = new Hapi.Server(); // setup routes etc ... -server.ext('onPreResponse', corsHeaders) +server.ext('onPreResponse', corsHeaders); ``` ## Install +### Hapi v17 + +```bash +npm install --save hapi-cors-headers@^2.x.x +``` + +### Hapi v16 + ```bash -npm install --save hapi-cors-headers +npm install --save hapi-cors-headers@^1.x.x ``` ## Test diff --git a/index.js b/index.js index 35161aa..7ee8fdd 100644 --- a/index.js +++ b/index.js @@ -1,30 +1,39 @@ -module.exports = addCorsHeaders +const pkg = require('./package.json'); -function addCorsHeaders (request, reply) { - if (!request.headers.origin) { - return reply.continue() - } +const register = (server, { + maxAge = 60 * 10, // 10 minutes +}) => { + server.ext({ + type: 'onPreResponse', + method: (request, h) => { + if (!request.headers.origin) { + return h.continue; + } - // depending on whether we have a boom or not, - // headers need to be set differently. - var response = request.response.isBoom ? request.response.output : request.response + // depending on whether we have a boom or not, + // headers need to be set differently. + const response = request.response.isBoom ? request.response.output : request.response; - response.headers['access-control-allow-origin'] = request.headers.origin - response.headers['access-control-allow-credentials'] = 'true' - if (request.method !== 'options') { - return reply.continue() - } + response.headers['access-control-allow-origin'] = request.headers.origin; + response.headers['access-control-allow-credentials'] = 'true'; + if (request.method !== 'options') { + return h.continue; + } - response.statusCode = 200 - response.headers['access-control-expose-headers'] = 'content-type, content-length, etag' - response.headers['access-control-max-age'] = 60 * 10 // 10 minutes - // dynamically set allowed headers & method - if (request.headers['access-control-request-headers']) { - response.headers['access-control-allow-headers'] = request.headers['access-control-request-headers'] - } - if (request.headers['access-control-request-method']) { - response.headers['access-control-allow-methods'] = request.headers['access-control-request-method'] - } + response.statusCode = 200; + response.headers['access-control-expose-headers'] = 'content-type, content-length, etag'; + response.headers['access-control-max-age'] = maxAge; + // dynamically set allowed headers & method + if (request.headers['access-control-request-headers']) { + response.headers['access-control-allow-headers'] = request.headers['access-control-request-headers']; + } + if (request.headers['access-control-request-method']) { + response.headers['access-control-allow-methods'] = request.headers['access-control-request-method']; + } - reply.continue() -} + return h.continue; + }, + }); +}; + +module.exports = { register, pkg }; diff --git a/package.json b/package.json index 8aa264b..e1e16a1 100644 --- a/package.json +++ b/package.json @@ -2,6 +2,7 @@ "name": "hapi-cors-headers", "description": "hapi extension to enable CORS", "main": "index.js", + "version": "2.0.0", "scripts": { "pretest": "standard", "coverage": "tap --coverage-report=html",