core/middleware/cors.js

/**
 * 跨域中间件
 * @author yutent<yutent.io@gmail.com>
 * @date 2020/09/18 14:55:49
 */

import url from 'url'

export default function (req, res, next) {
  var CORS = this.get('cors')

  if (CORS.enabled) {
    var origin = req.header('origin') || req.header('referer') || ''
    var headers = req.header('access-control-request-headers')
    var { hostname, host, protocol } = url.parse(origin)

    if (CORS.origin.length && hostname) {
      var pass = false
      for (let it of CORS.origin) {
        if (hostname.endsWith(it)) {
          pass = true
          break
        }
      }
      if (pass === false) {
        return res.end('')
      }
    }
    if (CORS.credentials) {
      res.set('Access-Control-Allow-Credentials', 'true')
    }

    res.set('Access-Control-Allow-Origin', `${protocol}//${host}`)
    res.set('Access-Control-Allow-Methods', 'GET,HEAD,POST,PUT,DELETE,PATCH')

    if (headers) {
      res.set('Access-Control-Allow-Headers', headers)
    }

    if (CORS.maxAge) {
      res.set('Access-Control-Max-Age', CORS.maxAge)
    }

    if (req.method === 'OPTIONS') {
      return res.end('')
    }
  }
  next()
}
init 2020-09-15 18:35:00 +08:00			`/**`
更新依赖引入 2020-09-18 18:14:47 +08:00			`* 跨域中间件`
			`* @author yutent<yutent.io@gmail.com>`
			`* @date 2020/09/18 14:55:49`
init 2020-09-15 18:35:00 +08:00			`*/`

更新依赖引入 2020-09-18 18:14:47 +08:00			`import url from 'url'`
init 2020-09-15 18:35:00 +08:00
update 2022-07-04 14:57:29 +08:00			`export default function (req, res, next) {`
优化中间件/路由/跨域 2020-09-22 19:58:29 +08:00			`var CORS = this.get('cors')`
init 2020-09-15 18:35:00 +08:00
优化中间件/路由/跨域 2020-09-22 19:58:29 +08:00			`if (CORS.enabled) {`
init 2020-09-15 18:35:00 +08:00			`var origin = req.header('origin') \|\| req.header('referer') \|\| ''`
			`var headers = req.header('access-control-request-headers')`
优化中间件/路由/跨域 2020-09-22 19:58:29 +08:00			`var { hostname, host, protocol } = url.parse(origin)`
init 2020-09-15 18:35:00 +08:00
优化中间件/路由/跨域 2020-09-22 19:58:29 +08:00			`if (CORS.origin.length && hostname) {`
优化跨域配置;更新文档 2020-09-30 14:25:08 +08:00			`var pass = false`
			`for (let it of CORS.origin) {`
			`if (hostname.endsWith(it)) {`
			`pass = true`
			`break`
			`}`
			`}`
			`if (pass === false) {`
init 2020-09-15 18:35:00 +08:00			`return res.end('')`
			`}`
			`}`
优化跨域配置;更新文档 2020-09-30 14:25:08 +08:00			`if (CORS.credentials) {`
			`res.set('Access-Control-Allow-Credentials', 'true')`
			`}`

优化中间件/路由/跨域 2020-09-22 19:58:29 +08:00			res.set('Access-Control-Allow-Origin', `${protocol}//${host}`)
优化cors,更好的支持RESFULAPI 2021-04-14 15:34:58 +08:00			`res.set('Access-Control-Allow-Methods', 'GET,HEAD,POST,PUT,DELETE,PATCH')`
优化中间件/路由/跨域 2020-09-22 19:58:29 +08:00
init 2020-09-15 18:35:00 +08:00			`if (headers) {`
			`res.set('Access-Control-Allow-Headers', headers)`
			`}`
优化中间件/路由/跨域 2020-09-22 19:58:29 +08:00
			`if (CORS.maxAge) {`
			`res.set('Access-Control-Max-Age', CORS.maxAge)`
init 2020-09-15 18:35:00 +08:00			`}`
优化中间件/路由/跨域 2020-09-22 19:58:29 +08:00
init 2020-09-15 18:35:00 +08:00			`if (req.method === 'OPTIONS') {`
			`return res.end('')`
			`}`
			`}`
			`next()`
			`}`