{"version":3,"file":"fetch-cors.cjs","names":[],"sources":["../../../../src/v2/runtime/core/fetch-cors.ts"],"sourcesContent":["/**\n * Built-in CORS utility for framework-agnostic CopilotKit runtime handler.\n *\n * This is a lightweight CORS implementation for web-standard\n * Request/Response. It's optional — if your framework already handles CORS,\n * pass `cors: false` or omit it.\n */\n\nexport interface CopilotCorsConfig {\n  origin?: string | string[] | ((origin: string) => string | null);\n  credentials?: boolean;\n  allowMethods?: string[];\n  allowHeaders?: string[];\n  exposeHeaders?: string[];\n  maxAge?: number;\n}\n\nconst DEFAULT_METHODS = [\n  \"GET\",\n  \"HEAD\",\n  \"PUT\",\n  \"POST\",\n  \"DELETE\",\n  \"PATCH\",\n  \"OPTIONS\",\n];\nconst DEFAULT_HEADERS = [\"*\"];\n\nfunction resolveOrigin(\n  config: CopilotCorsConfig,\n  requestOrigin: string | null,\n): string | null {\n  const { origin } = config;\n  if (!origin) return \"*\";\n\n  if (typeof origin === \"string\") return origin;\n\n  if (Array.isArray(origin)) {\n    if (!requestOrigin) return null;\n    return origin.includes(requestOrigin) ? requestOrigin : null;\n  }\n\n  if (typeof origin === \"function\") {\n    return requestOrigin ? origin(requestOrigin) : null;\n  }\n\n  return \"*\";\n}\n\nfunction setCorsHeaders(\n  headers: Headers,\n  config: CopilotCorsConfig,\n  requestOrigin: string | null,\n): void {\n  let allowedOrigin = resolveOrigin(config, requestOrigin);\n  if (!allowedOrigin) return;\n\n  // Per the Fetch spec, Access-Control-Allow-Origin: * combined with\n  // Access-Control-Allow-Credentials: true causes browsers to reject the\n  // response. Auto-resolve wildcard to the request origin when credentials\n  // are enabled; if there is no request origin, skip CORS entirely.\n  if (config.credentials && allowedOrigin === \"*\") {\n    if (requestOrigin) {\n      allowedOrigin = requestOrigin;\n    } else {\n      return;\n    }\n  }\n\n  headers.set(\"Access-Control-Allow-Origin\", allowedOrigin);\n\n  if (config.credentials) {\n    headers.set(\"Access-Control-Allow-Credentials\", \"true\");\n  }\n\n  if (config.exposeHeaders?.length) {\n    headers.set(\n      \"Access-Control-Expose-Headers\",\n      config.exposeHeaders.join(\", \"),\n    );\n  }\n\n  // Vary on Origin when it's not a fixed wildcard\n  if (allowedOrigin !== \"*\") {\n    headers.append(\"Vary\", \"Origin\");\n  }\n}\n\n/**\n * Handle CORS preflight (OPTIONS) requests.\n * Returns a 204 Response if it's a preflight, or null if not.\n */\nexport function handleCors(\n  request: Request,\n  config: CopilotCorsConfig,\n): Response | null {\n  if (request.method !== \"OPTIONS\") return null;\n\n  const requestOrigin = request.headers.get(\"origin\");\n  const headers = new Headers();\n\n  setCorsHeaders(headers, config, requestOrigin);\n\n  const methods = config.allowMethods ?? DEFAULT_METHODS;\n  headers.set(\"Access-Control-Allow-Methods\", methods.join(\", \"));\n\n  const allowHeaders = config.allowHeaders ?? DEFAULT_HEADERS;\n  headers.set(\"Access-Control-Allow-Headers\", allowHeaders.join(\", \"));\n\n  if (config.maxAge != null) {\n    headers.set(\"Access-Control-Max-Age\", String(config.maxAge));\n  }\n\n  // Vary headers for correct CDN caching of preflight responses\n  headers.append(\"Vary\", \"Access-Control-Request-Headers\");\n  headers.append(\"Vary\", \"Access-Control-Request-Method\");\n\n  return new Response(null, { status: 204, headers });\n}\n\n/**\n * Add CORS headers to an existing response.\n */\nexport function addCorsHeaders(\n  response: Response,\n  config: CopilotCorsConfig,\n  requestOrigin: string | null,\n): Response {\n  const headers = new Headers(response.headers);\n  setCorsHeaders(headers, config, requestOrigin);\n  return new Response(response.body, {\n    status: response.status,\n    statusText: response.statusText,\n    headers,\n  });\n}\n"],"mappings":";;;AAiBA,MAAM,kBAAkB;CACtB;CACA;CACA;CACA;CACA;CACA;CACA;CACD;AACD,MAAM,kBAAkB,CAAC,IAAI;AAE7B,SAAS,cACP,QACA,eACe;CACf,MAAM,EAAE,WAAW;AACnB,KAAI,CAAC,OAAQ,QAAO;AAEpB,KAAI,OAAO,WAAW,SAAU,QAAO;AAEvC,KAAI,MAAM,QAAQ,OAAO,EAAE;AACzB,MAAI,CAAC,cAAe,QAAO;AAC3B,SAAO,OAAO,SAAS,cAAc,GAAG,gBAAgB;;AAG1D,KAAI,OAAO,WAAW,WACpB,QAAO,gBAAgB,OAAO,cAAc,GAAG;AAGjD,QAAO;;AAGT,SAAS,eACP,SACA,QACA,eACM;CACN,IAAI,gBAAgB,cAAc,QAAQ,cAAc;AACxD,KAAI,CAAC,cAAe;AAMpB,KAAI,OAAO,eAAe,kBAAkB,IAC1C,KAAI,cACF,iBAAgB;KAEhB;AAIJ,SAAQ,IAAI,+BAA+B,cAAc;AAEzD,KAAI,OAAO,YACT,SAAQ,IAAI,oCAAoC,OAAO;AAGzD,KAAI,OAAO,eAAe,OACxB,SAAQ,IACN,iCACA,OAAO,cAAc,KAAK,KAAK,CAChC;AAIH,KAAI,kBAAkB,IACpB,SAAQ,OAAO,QAAQ,SAAS;;;;;;AAQpC,SAAgB,WACd,SACA,QACiB;AACjB,KAAI,QAAQ,WAAW,UAAW,QAAO;CAEzC,MAAM,gBAAgB,QAAQ,QAAQ,IAAI,SAAS;CACnD,MAAM,UAAU,IAAI,SAAS;AAE7B,gBAAe,SAAS,QAAQ,cAAc;CAE9C,MAAM,UAAU,OAAO,gBAAgB;AACvC,SAAQ,IAAI,gCAAgC,QAAQ,KAAK,KAAK,CAAC;CAE/D,MAAM,eAAe,OAAO,gBAAgB;AAC5C,SAAQ,IAAI,gCAAgC,aAAa,KAAK,KAAK,CAAC;AAEpE,KAAI,OAAO,UAAU,KACnB,SAAQ,IAAI,0BAA0B,OAAO,OAAO,OAAO,CAAC;AAI9D,SAAQ,OAAO,QAAQ,iCAAiC;AACxD,SAAQ,OAAO,QAAQ,gCAAgC;AAEvD,QAAO,IAAI,SAAS,MAAM;EAAE,QAAQ;EAAK;EAAS,CAAC;;;;;AAMrD,SAAgB,eACd,UACA,QACA,eACU;CACV,MAAM,UAAU,IAAI,QAAQ,SAAS,QAAQ;AAC7C,gBAAe,SAAS,QAAQ,cAAc;AAC9C,QAAO,IAAI,SAAS,SAAS,MAAM;EACjC,QAAQ,SAAS;EACjB,YAAY,SAAS;EACrB;EACD,CAAC"}