Hapi v17 support

README.md

@@ -11,20 +11,46 @@ all server response, securely from all origins, with `access-control-allow-crede
 
 ## Example
 
+### Hapi v17
 ```js
-var Hapi = require('hapi')
-var corsHeaders = require('hapi-cors-headers')
+const Hapi = require('hapi');
+const corsHeaders = require('hapi-cors-headers');
 
-var server = new Hapi.Server()
+const server = Hapi.Server({ port: 3000 });
+
+const provision = async () => {
+    await server.register(corsHeaders);
+    ...
+    await server.start();
+};
+
+provision();
+```
+
+### Hapi v16
+
+```js
+const Hapi = require('hapi');
+const corsHeaders = require('hapi-cors-headers');
+
+const server = new Hapi.Server();
 // setup routes etc ...
 
-server.ext('onPreResponse', corsHeaders)
+server.ext('onPreResponse', corsHeaders);
 ```
 
 ## Install
 
+### Hapi v17
+
+```bash
+npm install --save hapi-cors-headers@^2.x.x
+```
+
+### Hapi v16
+
 ```bash
-npm install --save hapi-cors-headers
+npm install --save hapi-cors-headers@^1.x.x
 ```
 
 ## Test

index.js

@@ -1,30 +1,39 @@
-module.exports = addCorsHeaders
+const pkg = require('./package.json');
 
-function addCorsHeaders (request, reply) {
-  if (!request.headers.origin) {
-    return reply.continue()
-  }
+const register = (server, {
+  maxAge = 60 * 10, // 10 minutes
+}) => {
+  server.ext({
+    type: 'onPreResponse',
+    method: (request, h) => {
+      if (!request.headers.origin) {
+        return h.continue;
+      }
 
-  // depending on whether we have a boom or not,
-  // headers need to be set differently.
-  var response = request.response.isBoom ? request.response.output : request.response
+      // depending on whether we have a boom or not,
+      // headers need to be set differently.
+      const response = request.response.isBoom ? request.response.output : request.response;
 
-  response.headers['access-control-allow-origin'] = request.headers.origin
-  response.headers['access-control-allow-credentials'] = 'true'
-  if (request.method !== 'options') {
-    return reply.continue()
-  }
+      response.headers['access-control-allow-origin'] = request.headers.origin;
+      response.headers['access-control-allow-credentials'] = 'true';
+      if (request.method !== 'options') {
+        return h.continue;
+      }
 
-  response.statusCode = 200
-  response.headers['access-control-expose-headers'] = 'content-type, content-length, etag'
-  response.headers['access-control-max-age'] = 60 * 10 // 10 minutes
-  // dynamically set allowed headers & method
-  if (request.headers['access-control-request-headers']) {
-    response.headers['access-control-allow-headers'] = request.headers['access-control-request-headers']
-  }
-  if (request.headers['access-control-request-method']) {
-    response.headers['access-control-allow-methods'] = request.headers['access-control-request-method']
-  }
+      response.statusCode = 200;
+      response.headers['access-control-expose-headers'] = 'content-type, content-length, etag';
+      response.headers['access-control-max-age'] = maxAge;
+      // dynamically set allowed headers & method
+      if (request.headers['access-control-request-headers']) {
+        response.headers['access-control-allow-headers'] = request.headers['access-control-request-headers'];
+      }
+      if (request.headers['access-control-request-method']) {
+        response.headers['access-control-allow-methods'] = request.headers['access-control-request-method'];
+      }
 
-  reply.continue()
-}
+      return h.continue;
+    },
+  });
+};
+
+module.exports = { register, pkg };

package.json

@@ -2,6 +2,7 @@
   "name": "hapi-cors-headers",
   "description": "hapi extension to enable CORS",
   "main": "index.js",
+  "version": "2.0.0",
   "scripts": {
     "pretest": "standard",
     "coverage": "tap --coverage-report=html",