const maxAge = 6000;
const credentials = true;
const methods = "GET,HEAD,PUT,POST,DELETE";
const whiteList = ["http://localhost:3001"];
const exposeHeaders = "a,b,c";
function Cors() {
return async (ctx, next) => {
const {
method,
header: { origin, referer },
} = ctx.request;
const source = origin || referer;
if (!whiteList.includes(source)) {
ctx.status = 401;
ctx.set("WWW-Authenticate", "Basic");
ctx.body = "非法域名";
return;
}
ctx.set("Access-Control-Max-Age", maxAge);
ctx.set("Access-Control-Allow-Origin", source);
ctx.set("Access-Control-Allow-Methods", methods);
ctx.set("Access-Control-Expose-Headers", exposeHeaders);
credentials && ctx.set("Access-Control-Allow-Credentials", "true");
ctx.set(
"Access-Control-Allow-Headers",
ctx.get("access-control-request-headers")
);
if (method === "OPTIONS") {
ctx.status = 204;
ctx.body = "OPTIONS 预检请求";
return;
}
await next();
};
}
module.exports = Cors;