Class: CORSFilter
@divine/web-service.CORSFilter
A CORS-handling WebFilter helper class.
The implementation is configured/customized by overriding the filter's protected methods: _isOriginAllowed, _isMethodAllowed, _isHeaderAllowed, _isHeaderExposed, _isCredentialsSupported and _getMaxAge.
By default, all origins, methods and headers are allowed for 10 minutes. Credentials are not allowed by default.
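An allowlist policy written against the hooks listed above, as an added example that is not code from @divine/web-service. The allowlist values, the StrictCORSPolicy class, its preflight helper and the HookParams type (a stand-in for CORSFilterParams) are all constructed for illustration; in a service the class would extend CORSFilter and drop preflight.

```typescript
// Stand-in for CORSFilterParams; its fields are not shown on this page, so none are used.
type HookParams = unknown;

// Constructed sample allowlists. Header names are stored in lower case.
const ORIGINS = new Set(['https://app.example.com', 'https://admin.example.com:8443']);
const METHODS = new Set(['GET', 'POST']);
const HEADERS = new Set(['content-type', 'authorization']);
const EXPOSED = new Set(['etag']);

// Stand-alone so it runs without the library; in a service: `extends CORSFilter`.
class StrictCORSPolicy {
    protected _isOriginAllowed(origin: string | undefined, _params: HookParams): boolean {
        if (origin === undefined || origin === 'null') {
            return false; // no origin header, or an opaque origin (sandboxed frame, file:)
        }
        // Exact match on the whole serialized origin (scheme, host and port).
        // Prefix, suffix or substring tests would accept look-alike hosts.
        return ORIGINS.has(origin);
    }
    protected _isMethodAllowed(method: string, _params: HookParams): boolean {
        return METHODS.has(method.toUpperCase());
    }
    protected _isHeaderAllowed(header: string, _params: HookParams): boolean {
        return HEADERS.has(header.toLowerCase()); // header names are case-insensitive
    }
    protected _isHeaderExposed(header: string, _params: HookParams): boolean {
        return EXPOSED.has(header.toLowerCase());
    }
    protected _isCredentialsSupported(_params: HookParams): boolean {
        // Assumption: the filter denies the request when _isOriginAllowed returns false,
        // so credentials are only ever offered to allowlisted origins.
        return true;
    }
    protected _getMaxAge(_params: HookParams): number {
        return 60; // shorter than the 600 second default, so policy changes take effect sooner
    }
    // Constructed helper that exercises the hooks stand-alone; not part of CORSFilter.
    preflight(origin: string | undefined, method: string, headers: string[]): boolean {
        return this._isOriginAllowed(origin, undefined)
            && this._isMethodAllowed(method, undefined)
            && headers.every((h) => this._isHeaderAllowed(h, undefined));
    }
}
```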
Implements
Constructors
constructor
• new CORSFilter()
Properties
_excluded
▪ Static Protected Readonly _excluded: Set<string>
Defined in
Methods
_getMaxAge
▸ Protected _getMaxAge(params): number
Returns the number of seconds the information provided by the access-control-allow-methods and access-control-allow-headers headers can be cached.
The default for this implementation is 600 seconds or 10 minutes. Note that the default value in the CORS specification, i.e. if no access-control-max-age is sent to the client, is just 5 seconds.
Parameters
Name | Type | Description |
---|---|---|
params | CORSFilterParams | Request parameters. |
Returns
number
The number of seconds the client may cache the information.
Defined in
web-service/src/helpers.ts:146
_isCredentialsSupported
▸ Protected _isCredentialsSupported(params): boolean
Checks if credentials should be allowed.
Parameters
Name | Type | Description |
---|---|---|
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if credentials should be allowed, else false.
Defined in
web-service/src/helpers.ts:132
_isHeaderAllowed
▸ Protected _isHeaderAllowed(header, params): boolean
Checks if the given request header should be allowed.
Parameters
Name | Type | Description |
---|---|---|
header | string | - |
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if the header is allowed, else false.
Defined in
web-service/src/helpers.ts:111
_isHeaderExposed
▸ Protected _isHeaderExposed(header, params): boolean
Checks if the given response header should be exposed to the client.
Parameters
Name | Type | Description |
---|---|---|
header | string | - |
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if the header is exposed, else false.
Defined in
web-service/src/helpers.ts:122
_isMethodAllowed
▸ Protected _isMethodAllowed(method, params): boolean
Checks if the given request method should be allowed.
Parameters
Name | Type | Description |
---|---|---|
method | string | Name of method. |
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if the method is allowed, else false.
Defined in
web-service/src/helpers.ts:100
_isOriginAllowed
▸ Protected _isOriginAllowed(origin, params): boolean
Checks if the given origin is allowed to make a CORS request.
The CORS specification recommends that a server return FORBIDDEN if a CORS request is denied. You can do that by throwing a WebError instead of returning false, like this:
```ts
protected _isOriginAllowed(origin: string | undefined, params: CORSFilterParams): boolean {
    if (origin === 'https://example.com') {
        return true;
    } else {
        throw new WebError(WebStatus.FORBIDDEN, `CORS request from origin ${origin} denied`);
    }
}
```
Parameters
Name | Type | Description |
---|---|---|
origin | undefined \| string | The value of the origin header, or undefined if the header was not provided. |
params | CORSFilterParams | Request parameters. |
Returns
boolean
true if the request is allowed, else false.
Defined in
filter
▸ filter(next, args, resource): Promise<WebResponse>
Invoked by WebService when the filter should process a request or response.
The filter may act on the request before or after a resource handles the request (or both). Call the next function to process the request normally and receive the default response. It's also possible to get a reference to the actual resource instance by calling the resource function. Note that this function may throw a WebError in case no resource matched the request.
The filter is free to modify the request, the resource instance and/or the response as part of its work.
Parameters
Name | Type | Description |
---|---|---|
next | () => Promise<WebResponse> | A function that evaluates the request and returns the default response. |
args | WebArguments | The request arguments. |
resource | () => Promise<WebResource> | A function that returns the resource that this request matched. |
Returns
Promise<WebResponse>