Its posible to use this plugin on a specific (set of ) routes instead of globally?

Question

Its posible to use this plugin on a specific (set of ) routes instead of globally?

develmts opened this issue 8 years ago · 9 comments

Specifically:

Can I do

const cors = require ('kcors');
var optCors = { 'some':'set','of':'options' }
var router = require('koa-router')({prefix: '/api'});
router.use( cors ( {optCors} ) );

or even

router.get('/someUrl', cors(), function* (next){
// some processing
})

instead of the standard documented app.use(cors())

Answer 1 · 2016-10-31T11:38:52.000Z

Should be possible, since this is just middleware.

Note that CORS requests use the HTTP OPTIONS* method instead of GET, so it may not work if you only bind it to GET.

Answer 2 · 2016-11-07T09:22:16.000Z

Curiously, the issue solved one I created fake route for the OPTIONS http verb, for the same route that was failing before. I need to investigate why

Anyway, thanks for your configmation

Answer 3 · 2016-11-07T14:35:40.000Z

@develmts Whoops, of course it was OPTIONS, not HEAD. 🙁

Answer 4 · 2016-11-07T16:33:44.000Z

But supposedly the koa-router should manage this automatically with the router.allowedMethods(), true?

Answer 5 · 2016-11-07T17:34:42.000Z

@develmts I don't think so. You're explicitly telling it to only use GET. I'd probably submit a bug report if it listens to OPTIONS without me allowing that.

Answer 6 · 2016-11-08T16:36:48.000Z

As per koa-router Github Home

router.allowedMethods([options]) ⇒ function

Returns separate middleware for responding to OPTIONS requests with an Allow header containing the
allowed methods, as well as responding with 405 Method Not Allowed and 501 Not Implemented as
appropriate.

Answer 7 · 2016-11-08T21:16:10.000Z

@develmts Interesting, thanks.

Answer 8 · 2019-05-01T19:47:50.000Z

For anyone else coming to this issue, I had some real trouble getting koa/cors & koa-router to play nicely.

In the end I did something like this:

router.all('/mypath', cors({
  origin: (ctx) => {
    const requestOrigin = ctx.get('Origin');
    if (someKindOfTest(requestOrigin)) {
      return requestOrigin;
    }
    return '';
  },
  allowMethods: 'GET,OPTIONS'
}));

Note the use of all() which lets koa-router accept pre-flight OPTIONS calls. If you use...use() you encounter these open issues with koa-router v7: https://github.com/ZijianHe/koa-router/labels/always%20call%20middleware.

Don't forget to add OPTIONS to allowMethods too.

As an aside; in an example in the test file for koa/cors you return false instead of an empty string to indicate that the origin is not allowed. But I'm writing TypeScript and because of the later call to ctx.set() which requires a string as a second argument (the value of the header), it shouldn't really be returning false (it's also not allowed by @types/koa__cors). I appreciate that's a strict typing issue, but I think it would be beneficial to have some clarification in the README as to what the expected return value of the origin function should be.

Answer 9 · 2020-03-14T19:05:35.000Z

@jalada worked for me and saved me a bunch of time, really appreciate it.