CORS headers middleware for Shelf
A Shelf middleware to add CORS headers to shelf responses.
Features
- Handles preflight requests.
- Allows override of default headers.
- Allows user to provide their own origin checker function.
Usage
A simple usage example:
import 'package:shelf/shelf.dart';
import 'package:shelf/shelf_io.dart';
import 'package:shelf_cors_headers/shelf_cors_headers.dart';
void main() async {
var handler = const Pipeline()
// Just add corsHeaders() middleware.
.addMiddleware(corsHeaders())
.addHandler(_requestHandler);
await serve(handler, 'localhost', 8080);
}
Response _requestHandler(Request request) {
return Response.ok('Request for "${request.url}"');
}
Override Headers
import 'package:shelf/shelf.dart';
import 'package:shelf/shelf_io.dart';
import 'package:shelf_cors_headers/shelf_cors_headers.dart';
void main() async {
// optionally override default headers
final overrideHeaders = {
ACCESS_CONTROL_ALLOW_ORIGIN: 'example.com',
'Content-Type': 'application/json;charset=utf-8'
};
var handler = const Pipeline()
// Just add corsHeaders() middleware and pass your header overrides.
.addMiddleware(corsHeaders(headers: overrideHeaders))
.addHandler(_requestHandler);
await serve(handler, 'localhost', 8080);
}
Response _requestHandler(Request request) {
return Response.ok('Request for "${request.url}"');
}
Custom origin checker
Your origin checker function should consume a string as a parameter(the value of ORIGIN header) and return a boolean value indicating if this middleware should process the request from that origin.
import 'package:shelf/shelf.dart';
import 'package:shelf/shelf_io.dart';
import 'package:shelf_cors_headers/shelf_cors_headers.dart';
// define our origin checker
bool dontCheckCNNRequests(String origin) {
if (origin.contains('cnn.com')) return false;
return true;
}
void main() async {
// optionally override default headers
final overrideHeaders = {
'Content-Type': 'application/json;charset=utf-8'
};
var handler = const Pipeline()
// Just add corsHeaders() middleware and pass your origin checker
.addMiddleware(corsHeaders(headers: overrideHeaders, originChecker: dontCheckCNNRequests))
.addHandler(_requestHandler);
await serve(handler, 'localhost', 8080);
}
Response _requestHandler(Request request) {
return Response.ok('Request for "${request.url}"');
}
You can also use the inbuilt originOneOf which takes a list of origins to check:
import 'package:shelf/shelf.dart';
import 'package:shelf/shelf_io.dart';
import 'package:shelf_cors_headers/shelf_cors_headers.dart';
// define our origin checker
final listChecker = originOneOf(['https://cnn.com', 'https://dart.dev'])
void main() async {
// optionally override default headers
final overrideHeaders = {
'Content-Type': 'application/json;charset=utf-8'
};
var handler = const Pipeline()
// Just add corsHeaders() middleware and pass your origin checker
.addMiddleware(corsHeaders(headers: overrideHeaders, originChecker: listChecker))
.addHandler(_requestHandler);
await serve(handler, 'localhost', 8080);
}
Response _requestHandler(Request request) {
return Response.ok('Request for "${request.url}"');
}
Libraries
- shelf_cors_headers
- Support for doing something awesome.