feat: add disableCORS option to server options

d-i-t-a / dita-streamer-js

BSD 3-Clause "New" or "Revised" License

4 stars 2 forks source link

feat: add disableCORS option to server options #35

Open paganellif opened 4 months ago

paganellif commented 4 months ago

This feature allows you to disable CORS via the server options

Closes #34

danielweck commented 4 months ago

Wholesale disabling of CORS may have its uses, but I think it would be a lot more useful if consumers of this package were able to set the "allow origins" (for example) as a wildcard asterisk * typically gets rejected by HTTP clients with "credentials" (for example).

https://github.com/d-i-t-a/dita-streamer-js/blob/ff2a502d90d462fba474b9e33954afae6d0a841d/src/http/server.ts#L297-L311

paganellif commented 4 months ago

I agree with you, but I think both are a useful feature. CORS could perhaps be handled better using the CORS package as indicated in the express documentation. If you agree I can refactor it with these changes.

paganellif commented 4 months ago

With the latest changes, it works behind an API gateway with CORS enabled and allowedOrigins defined in the serverOptions. I've also updated the custom route methods (i.e. expressUse and expressGet) and the example in the README that shows how to enable CORS in these cases.