Plugin for elysia that for Cross Origin Requests (CORs)
bun add @elysiajs/cors
import { Elysia } from 'elysia'
import { cors } from '@elysiajs/cors'
const app = new Elysia()
.use(cors())
.listen(8080)
@default true
Assign the Access-Control-Allow-Origin header.
Value can be one of the following:
-
string
- String of origin which will directly assign toAccess-Control-Allow-Origin
-
boolean
- If set to true,Access-Control-Allow-Origin
will be set to*
(accept all origin) -
RegExp
- Pattern to use to test with request's url, will accept origin if matched. -
Function
- Custom logic to validate origin acceptance or not. will accept origin iftrue
is returned.- Function will accepts
Context
just likeHandler
// Example usage app.use(cors, { origin: ({ request, headers }) => true }) // Type Definition type CORSOriginFn = (context: Context) => boolean | void
- Function will accepts
-
Array<string | RegExp | Function>
- Will try to find truthy value of all options above. Will accept Request if one istrue
.
@default *
Assign Access-Control-Allow-Methods header.
Value can be one of the following: Accept:
-
undefined | null | ''
- Ignore all methods. -
*
- Accept all methods. -
HTTPMethod
- Will be directly set to Access-Control-Allow-Methods.- Expects either a single method or a comma-delimited string (eg: 'GET, PUT, POST')
-
HTTPMethod[]
- Allow multiple HTTP methods.- eg: ['GET', 'PUT', 'POST']
@default *
Assign Access-Control-Allow-Headers header.
Allow incoming request with the specified headers.
Value can be one of the following:
-
string
- Expects either a single method or a comma-delimited string (eg: 'Content-Type, Authorization').
-
string[]
- Allow multiple HTTP methods.- eg: ['Content-Type', 'Authorization']
@default *
Assign Access-Control-Exposed-Headers header.
Return the specified headers to request in CORS mode.
Value can be one of the following:
-
string
- Expects either a single method or a comma-delimited string (eg: 'Content-Type, 'X-Powered-By').
-
string[]
- Allow multiple HTTP methods.- eg: ['Content-Type', 'X-Powered-By']
@default true
Assign Access-Control-Allow-Credentials header.
Allow incoming requests to send credentials
header.
-
boolean
- Available if set totrue
.
@default 5
Assign Access-Control-Max-Age header.
Allow incoming requests to send credentials
header.
-
number
- Duration in seconds to indicates how long the results of a preflight request can be cached.
@default true
Add [OPTIONS] /*
handler to handle preflight request which response with HTTP 204
and CORS hints.
-
boolean
- Available if set totrue
.