Aktueller Stand
This commit is contained in:
29
backend/node_modules/@fastify/cors/index.js
generated
vendored
29
backend/node_modules/@fastify/cors/index.js
generated
vendored
@@ -8,7 +8,7 @@ const {
|
||||
|
||||
const defaultOptions = {
|
||||
origin: '*',
|
||||
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
|
||||
methods: 'GET,HEAD,POST',
|
||||
hook: 'onRequest',
|
||||
preflightContinue: false,
|
||||
optionsSuccessStatus: 204,
|
||||
@@ -46,17 +46,18 @@ function fastifyCors (fastify, opts, next) {
|
||||
fastify.decorateRequest('corsPreflightEnabled', false)
|
||||
|
||||
let hideOptionsRoute = true
|
||||
let logLevel
|
||||
|
||||
if (typeof opts === 'function') {
|
||||
handleCorsOptionsDelegator(opts, fastify, { hook: defaultOptions.hook }, next)
|
||||
} else if (opts.delegator) {
|
||||
const { delegator, ...options } = opts
|
||||
handleCorsOptionsDelegator(delegator, fastify, options, next)
|
||||
} else {
|
||||
if (opts.hideOptionsRoute !== undefined) hideOptionsRoute = opts.hideOptionsRoute
|
||||
const corsOptions = normalizeCorsOptions(opts)
|
||||
validateHook(corsOptions.hook, next)
|
||||
if (hookWithPayload.indexOf(corsOptions.hook) !== -1) {
|
||||
fastify.addHook(corsOptions.hook, function handleCors (req, reply, payload, next) {
|
||||
fastify.addHook(corsOptions.hook, function handleCors (req, reply, _payload, next) {
|
||||
addCorsHeadersHandler(fastify, corsOptions, req, reply, next)
|
||||
})
|
||||
} else {
|
||||
@@ -65,6 +66,8 @@ function fastifyCors (fastify, opts, next) {
|
||||
})
|
||||
}
|
||||
}
|
||||
if (opts.logLevel !== undefined) logLevel = opts.logLevel
|
||||
if (opts.hideOptionsRoute !== undefined) hideOptionsRoute = opts.hideOptionsRoute
|
||||
|
||||
// The preflight reply must occur in the hook. This allows fastify-cors to reply to
|
||||
// preflight requests BEFORE possible authentication plugins. If the preflight reply
|
||||
@@ -72,7 +75,8 @@ function fastifyCors (fastify, opts, next) {
|
||||
// remove most headers (such as the Authentication header).
|
||||
//
|
||||
// This route simply enables fastify to accept preflight requests.
|
||||
fastify.options('*', { schema: { hide: hideOptionsRoute } }, (req, reply) => {
|
||||
|
||||
fastify.options('*', { schema: { hide: hideOptionsRoute }, logLevel }, (req, reply) => {
|
||||
if (!req.corsPreflightEnabled) {
|
||||
// Do not handle preflight requests if the origin option disabled CORS
|
||||
reply.callNotFound()
|
||||
@@ -86,11 +90,11 @@ function fastifyCors (fastify, opts, next) {
|
||||
}
|
||||
|
||||
function handleCorsOptionsDelegator (optionsResolver, fastify, opts, next) {
|
||||
const hook = (opts && opts.hook) || defaultOptions.hook
|
||||
const hook = opts?.hook || defaultOptions.hook
|
||||
validateHook(hook, next)
|
||||
if (optionsResolver.length === 2) {
|
||||
if (hookWithPayload.indexOf(hook) !== -1) {
|
||||
fastify.addHook(hook, function handleCors (req, reply, payload, next) {
|
||||
fastify.addHook(hook, function handleCors (req, reply, _payload, next) {
|
||||
handleCorsOptionsCallbackDelegator(optionsResolver, fastify, req, reply, next)
|
||||
})
|
||||
} else {
|
||||
@@ -101,7 +105,7 @@ function handleCorsOptionsDelegator (optionsResolver, fastify, opts, next) {
|
||||
} else {
|
||||
if (hookWithPayload.indexOf(hook) !== -1) {
|
||||
// handle delegator based on Promise
|
||||
fastify.addHook(hook, function handleCors (req, reply, payload, next) {
|
||||
fastify.addHook(hook, function handleCors (req, reply, _payload, next) {
|
||||
const ret = optionsResolver(req)
|
||||
if (ret && typeof ret.then === 'function') {
|
||||
ret.then(options => addCorsHeadersHandler(fastify, normalizeCorsOptions(options, true), req, reply, next)).catch(next)
|
||||
@@ -152,7 +156,9 @@ function normalizeCorsOptions (opts, dynamic) {
|
||||
return corsOptions
|
||||
}
|
||||
|
||||
function addCorsHeadersHandler (fastify, options, req, reply, next) {
|
||||
function addCorsHeadersHandler (fastify, globalOptions, req, reply, next) {
|
||||
const options = { ...globalOptions, ...req.routeOptions.config?.cors }
|
||||
|
||||
if ((typeof options.origin !== 'string' && options.origin !== false) || options.dynamic) {
|
||||
// Always set Vary header for non-static origin option
|
||||
// https://fetch.spec.whatwg.org/#cors-protocol-and-http-caches
|
||||
@@ -171,6 +177,11 @@ function addCorsHeadersHandler (fastify, options, req, reply, next) {
|
||||
return next()
|
||||
}
|
||||
|
||||
// Allow routes to disable CORS individually
|
||||
if (req.routeOptions.config?.cors === false) {
|
||||
return next()
|
||||
}
|
||||
|
||||
// Falsy values are invalid
|
||||
if (!resolvedOriginOption) {
|
||||
return next(new Error('Invalid CORS origin option'))
|
||||
@@ -294,7 +305,7 @@ function isRequestOriginAllowed (reqOrigin, allowedOrigin) {
|
||||
}
|
||||
|
||||
const _fastifyCors = fp(fastifyCors, {
|
||||
fastify: '4.x',
|
||||
fastify: '5.x',
|
||||
name: '@fastify/cors'
|
||||
})
|
||||
|
||||
|
||||
Reference in New Issue
Block a user