Class: CORSFilter
@divine/web-service.CORSFilter
A CORS-handling WebFilter helper class.
The implementation is configured/customized by overriding the filter's protected methods: _isOriginAllowed, _isMethodAllowed, _isHeaderAllowed, _isHeaderExposed, _isCredentialsSupported and _getMaxAge.
By default, all origins, methods and headers are allowed for 10 minutes. Credentials are not allowed by default.
Implements
Constructors
constructor
• new CORSFilter()
Properties
_excluded
▪ Static Protected Readonly _excluded: Set<string>
Defined in
Methods
_getMaxAge
▸ Protected _getMaxAge(params): number
Returns the number of seconds the information provided by the access-control-allow-methods and
access-control-allow-headers headers can be cached.
The default for this implementation is 600 seconss or 10 minutes. Note that the default value in the CORS
specification, i.e. if no access-control-max-age is sent to the client, is just 5 seconds.
Parameters
| Name | Type | Description |
|---|---|---|
params | CORSFilterParams | Request parameters. |
Returns
number
The number of seconds the client may cache the information.
Defined in
web-service/src/helpers.ts:146
_isCredentialsSupported
▸ Protected _isCredentialsSupported(params): boolean
Checks if credentials should be allowed.
Parameters
| Name | Type | Description |
|---|---|---|
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if credentials should be allowed, else false.
Defined in
web-service/src/helpers.ts:132
_isHeaderAllowed
▸ Protected _isHeaderAllowed(header, params): boolean
Checks if the given request header should be allowed.
Parameters
| Name | Type | Description |
|---|---|---|
header | string | - |
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if the header is allowed, else false.
Defined in
web-service/src/helpers.ts:111
_isHeaderExposed
▸ Protected _isHeaderExposed(header, params): boolean
Checks if the given response header should be exposed to the client.
Parameters
| Name | Type | Description |
|---|---|---|
header | string | - |
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if the header is exposed, else false.
Defined in
web-service/src/helpers.ts:122
_isMethodAllowed
▸ Protected _isMethodAllowed(method, params): boolean
Checks if the given request method should be allowed.
Parameters
| Name | Type | Description |
|---|---|---|
method | string | Name of method. |
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if the method is allowed, else false.
Defined in
web-service/src/helpers.ts:100
_isOriginAllowed
▸ Protected _isOriginAllowed(origin, params): boolean
Checks if the given origin is allowed to make a CORS request.
The CORS specification recommends a server to return FORBIDDEN if a CORS request is denied. You
can do that by throwing a WebError instead of returning false, like this:
protected _isOriginAllowed(origin: string | undefined, params: CORSFilterParams): boolean {
if (origin === 'https://example.com') {
return true;
} else {
throw new WebError(WebStatus.FORBIDDEN, `CORS request from origin ${origin} denied`);
}
}
Parameters
| Name | Type | Description |
|---|---|---|
origin | undefined | string | The value of the origin header, or undefined if the header was not provided. |
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if the request is allowed, else false.
Defined in
filter
▸ filter(next, args, resource): Promise<WebResponse>
Invoked by WebService when the filter should process a request or response.
The filter may act on the request before or after a resource handles the request (or both). Call the next
function to process the request normally and receive the default response. It's also possible to get a reference
to the actual resource instance by calling the resource function. Note that this function may throw a
WebError in case no resource matched the request.
The filter is free to modify the request, the resource instance and/or the response as part of its work.
Parameters
| Name | Type | Description |
|---|---|---|
next | () => Promise<WebResponse> | A function that evaluates the request and returns the default response. |
args | WebArguments | The request arguments. |
resource | () => Promise<WebResource> | A function that returns the resource that this request matched. |
Returns
Promise<WebResponse>