Is it possible to enable pre-flight requests ?

[grrbm]

Hey there Francisco,

is it possible to enable pre-flight requests for some or all routes ? How could I do it ?

Thanks !

[franciscop]

Sure, how would you normally do it with e.g. express? You have a CORS example in the documentation, does that help?

[grrbm]

this is how you enable cors preflight with express:

var express = require('express')
var cors = require('cors')
var app = express()

app.options('*', cors()) // include before other routes

This enables pre-flight for all routes, which is what i want.

And yeah, your example helps ! This:

ctx => ctx.method.toLowerCase() === 'options' ? 200 : false

seems to be a simple middleware to enable pre-flight, right ?

I'm using "cors" npm package, so it seems i would have to configure this package itself, in order to enable pre-flight.

By the way, if i just use this:

const cors = [
  ctx => header("Access-Control-Allow-Origin", "*"),
  ctx => header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"),
  ctx => header("Access-Control-Allow-Methods", "GET, PUT, PATCH, POST, DELETE, HEAD"),
  ctx => ctx.method.toLowerCase() === 'options' ? 200 : false
];

instead of the "cors" package, will it work ?

Anyways,

thanks so much for your fast reply !!

[franciscop]

By the way, if i just use this [...] instead of the "cors" package, will it work?

If you need to ask that question, you would probably better use the cors packages TBH, since it's well documented and explained (and this is a security-critical package after all). Instead of your express example, you can use it with server by wrapping it, either with the snippet on the docs I shared or sth like this if you use import/export:

import server from 'server';
import ExpressCors from 'cors';

const cors = server.utils.modern(ExpressCors({
  origin: ['https://example.com', 'https://example2.com']
}));

// Launch the server with this specific middleware
server({}, cors, ...);