Serverless.Cors

CORS Middleware for elm-serverless.

Types


type alias Config =

{ origin : Serverless.Cors.Reflectable (List.List String.String), expose : List.List String.String, maxAge : Basics.Int, credentials : Basics.Bool, methods : List.List Serverless.Conn.Request.Method, headers : Serverless.Cors.Reflectable (List.List String.String) }

Specify all CORS configuration in one record.


type Reflectable a

= Reflectable

[['ReflectRequest', []], ['Exactly', ['a']]]

A reflectable header value.

A reflectable value can either be

  • ReflectRequest derive the headers from the request
  • Exactly set to a specific value

Decoders


configDecoder : Json.Decode.Decoder Serverless.Cors.Config

Decode CORS configuration from JSON.


methodsDecoder : Json.Decode.Decoder (List.List Serverless.Conn.Request.Method)

Case-insensitive decode a list of HTTP methods.


reflectableDecoder : Json.Decode.Decoder (Serverless.Cors.Reflectable (List.List String.String))

Decode a reflectable value from JSON.

  • "*" decodes to ReflectRequest
  • "foo,bar" or ["foo", "bar"] decodes to Exactly ["foo", "bar"]

Middleware


fromConfig : (config -> Serverless.Cors.Config) -> Serverless.Conn.Conn config model route -> Serverless.Conn.Conn config model route

Set CORS headers according to a configuration record.

This function is best used when the configuration is provided externally and decoded using configDecoder. For example, npm rc and AWS Lambda environment variables can be used as the source of CORS configuration.


allowOrigin : Serverless.Cors.Reflectable (List.List String.String) -> Serverless.Conn.Conn config model route -> Serverless.Conn.Conn config model route

Sets access-control-allow-origin.

ReflectRequest will reflect the request origin header, or if absent, will just be set to *


exposeHeaders : List.List String.String -> Serverless.Conn.Conn config model route -> Serverless.Conn.Conn config model route

Sets access-control-expose-headers.


maxAge : Basics.Int -> Serverless.Conn.Conn config model route -> Serverless.Conn.Conn config model route

Sets access-control-max-age.

If the value is not positive, the header will not be set.


allowCredentials : Basics.Bool -> Serverless.Conn.Conn config model route -> Serverless.Conn.Conn config model route

Sets access-control-allow-credentials.

Only sets the header if the value is True.


allowMethods : List.List Serverless.Conn.Request.Method -> Serverless.Conn.Conn config model route -> Serverless.Conn.Conn config model route

Sets access-control-allow-methods.


allowHeaders : Serverless.Cors.Reflectable (List.List String.String) -> Serverless.Conn.Conn config model route -> Serverless.Conn.Conn config model route

Sets access-control-allow-headers.

ReflectRequest will reflect the request access-control-request-headers headers or if absent, it will not set the header at all.


Deprecated


cors : Serverless.Cors.Config -> Serverless.Conn.Conn config model route -> Serverless.Conn.Conn config model route

Deprecated. Use fromConfig.