import type { HttpLayer } from "../../layer/index.js"; import type { HttpService } from "../../service/index.js"; import { type AllowCredentialsLike } from "./allow-credentials.js"; import { type AllowHeadersLike } from "./allow-headers.js"; import { type AllowMethodsLike } from "./allow-methods.js"; import { type AllowOriginLike } from "./allow-origin.js"; import { type AllowPrivateNetworkLike } from "./allow-private-network.js"; import { type ExposeHeadersLike } from "./expose-headers.js"; import { type MaxAgeLike } from "./max-age.js"; import { type VaryLike } from "./vary.js"; export * from "./allow-credentials.js"; export * from "./allow-headers.js"; export * from "./allow-methods.js"; export * from "./allow-origin.js"; export * from "./allow-private-network.js"; export * from "./expose-headers.js"; export * from "./max-age.js"; export * from "./support.js"; export * from "./vary.js"; /** * A layer that sets CORS headers on the response. * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * import { m, Router } from "@taxum/core/routing"; * * const router = new Router() * .route("/", m.get(() => "Hello World)) * .layer(CorsLayer.permissive()); * ``` * * @see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) */ export declare class CorsLayer implements HttpLayer { private allowCredentials_; private allowHeaders_; private allowMethods_; private allowOrigin_; private allowPrivateNetwork_; private exposeHeaders_; private maxAge_; private vary_; /** * A permissive configuration: * * - All request headers allowed. * - All methods allowed. * - All origins allowed. * - All headers exposed. */ static permissive(): CorsLayer; /** * A very permissive configuration: * * - **Credentials allowed.** * - The method received in `Access-Control-Request-Method` is sent back * as an allowed method. * - The origin of the preflight request is sent back as an allowed origin. * - The header names received in `Access-Control-Request-Headers` are sent * back as allowed headers. * - No headers are currently exposed, but this may change in the future. */ static veryPermissive(): CorsLayer; /** * Sets the `Access-Control-Allow-Credentials` header. * * @see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials) * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowCredentials(true); * ``` */ allowCredentials(allowCredentials: AllowCredentialsLike): this; /** * Sets the `Access-Control-Allow-Headers` header. * * Note that `Access-Control-Allow-Headers` is required for requests that have * `Access-Control-Request-Headers`. * * @see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowHeaders(["authorization", "accept"]); * ``` * * All headers can be allowed with: * * @example * ```ts * import { CorsLayer, ANY } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowHeaders(ANY); * ``` */ allowHeaders(allowHeaders: AllowHeadersLike): this; /** * Sets the `Access-Control-Allow-Methods` header. * * @see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowMethods(["GET", "POST"]); * ``` * * All methods can be allowed with: * * @example * ```ts * import { CorsLayer, ANY } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowMethods(ANY); * ``` */ allowMethods(allowMethods: AllowMethodsLike): this; /** * Sets the `Access-Control-Allow-Origin` header. * * @see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowOrigin("https://example.com"); * ``` * * Multiple origins can be allowed with: * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowOrigin(["http://example.com", "https://api.example.com"]); * ``` * * All origins can be allowed with: * * @example * ```ts * import { CorsLayer, ANY } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowOrigin(ANY); * ``` * * You can also use a function to dynamically determine the allowed origin: * * @example * ```ts * import { CorsLayer, ANY } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowOrigin((origin, parts) => { * if (req.headers.get("x-custom-header") === "true") { * return "https://example.com"; * } * }); */ allowOrigin(allowOrigin: AllowOriginLike): this; /** * Sets the `Access-Control-Allow-Private-Network` header. * * @see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Private-Network) * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().allowPrivateNetwork(true); * ``` */ allowPrivateNetwork(allowPrivateNetwork: AllowPrivateNetworkLike): this; /** * Sets the `Access-Control-Expose-Headers` header. * * @see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().exposeHeaders(["content-encoding"]); * ```` * * All headers can be allowed with: * * @example * ```ts * import { CorsLayer, ANY } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().exposeHeaders(ANY); * ``` */ exposeHeaders(exposeHeaders: ExposeHeadersLike): this; /** * Sets the `Access-Control-Max-Age` header. * * @see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age) * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * * const layer = CorsLayer.default().maxAge(600); * ``` * * By default, the header will not be set which disables caching and will * require a preflight request for each request. * * Note that each browser has a maximum internal value that takes precedence * when the `Access-Control-Max-Age` header is greater. * * If you need more flexibility, you can supply a function which can * dynamically decide the max-age based on the origin and other parts of * each preflight request: * * @example * ```ts * import { CorsLayer } from "@taxum/core/middleware/cors"; * import { MaxAge } from "@taxum/core/middleware/cors/max-age"; * * const layer = CorsLayer.default().maxAge((origin, parts) => 600); * ``` */ maxAge(maxAge: MaxAgeLike): this; /** * Sets the `Vary` header. * * In contrast to other headers, this one has a non-empty default of * {@link PREFLIGHT_REQUEST_HEADERS}. * * You only need to set this if you want to remove some of these defaults, * or if you use a function for one of the other headers and want to add a * `vary` header accordingly. * * @see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary) */ vary(vary: VaryLike): this; /** * @throws {@link !Error} if the CORS configuration is invalid. */ layer(inner: HttpService): HttpService; private ensureUsableCorsRules; }