cernont/pyrofetes-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avancement planning

Browse Source
This commit is contained in:
timothe
2026-05-26 11:58:39 +02:00
parent 619a2b240a
commit 150b97cd2e
4892 changed files with 99214 additions and 429382 deletions
Download Patch File Download Diff File Expand all files Collapse all files
node_modules/cors/CONTRIBUTING.md
Generated Vendored
-33
View File
@@ -1,33 +0,0 @@
# contributing to `cors`
CORS is a node.js package for providing a [connect](http://www.senchalabs.org/connect/)/[express](http://expressjs.com/) middleware that can be used to enable [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) with various options. Learn more about the project in [the README](README.md).
## The CORS Spec
[http://www.w3.org/TR/cors/](http://www.w3.org/TR/cors/)
## Pull Requests Welcome
* Include `'use strict';` in every javascript file.
* 2 space indentation.
* Please run the testing steps below before submitting.
## Testing
```bash
$ npm install
$ npm test
```
## Interactive Testing Harness
[http://node-cors-client.herokuapp.com](http://node-cors-client.herokuapp.com)
Related git repositories:
* [https://github.com/TroyGoode/node-cors-server](https://github.com/TroyGoode/node-cors-server)
* [https://github.com/TroyGoode/node-cors-client](https://github.com/TroyGoode/node-cors-client)
## License
[MIT License](http://www.opensource.org/licenses/mit-license.php)
node_modules/cors/HISTORY.md
Generated Vendored
-58
View File
@@ -1,58 +0,0 @@
2.8.5 / 2018-11-04
==================
* Fix setting `maxAge` option to `0`
2.8.4 / 2017-07-12
==================
* Work-around Safari bug in default pre-flight response
2.8.3 / 2017-03-29
==================
* Fix error when options delegate missing `methods` option
2.8.2 / 2017-03-28
==================
* Fix error when frozen options are passed
* Send "Vary: Origin" when using regular expressions
* Send "Vary: Access-Control-Request-Headers" when dynamic `allowedHeaders`
2.8.1 / 2016-09-08
==================
This release only changed documentation.
2.8.0 / 2016-08-23
==================
* Add `optionsSuccessStatus` option
2.7.2 / 2016-08-23
==================
* Fix error when Node.js running in strict mode
2.7.1 / 2015-05-28
==================
* Move module into expressjs organization
2.7.0 / 2015-05-28
==================
* Allow array of matching condition as `origin` option
* Allow regular expression as `origin` option
2.6.1 / 2015-05-28
==================
* Update `license` in package.json
2.6.0 / 2015-04-27
==================
* Add `preflightContinue` option
* Fix "Vary: Origin" header added for "*"
node_modules/cors/README.md
Generated Vendored
+103 -69
View File
@@ -2,30 +2,32 @@
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![Build Status][travis-image]][travis-url]
[![Build Status][github-actions-ci-image]][github-actions-ci-url]
[![Test Coverage][coveralls-image]][coveralls-url]
CORS is a node.js package for providing a [Connect](http://www.senchalabs.org/connect/)/[Express](http://expressjs.com/) middleware that can be used to enable [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) with various options.
CORS is a [Node.js](https://nodejs.org/en/) middleware for [Express](https://expressjs.com/)/[Connect](https://github.com/senchalabs/connect) that sets [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS) response headers. These headers tell browsers which origins can read responses from your server.
**[Follow me (@troygoode) on Twitter!](https://twitter.com/intent/user?screen_name=troygoode)**
> [!IMPORTANT]
> **How CORS Works:** This package sets response headers—it doesn't block requests. CORS is enforced by browsers: they check the headers and decide if JavaScript can read the response. Non-browser clients (curl, Postman, other servers) ignore CORS entirely. See the [MDN CORS guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS) for details.
* [Installation](#installation)
* [Usage](#usage)
* [Simple Usage](#simple-usage-enable-all-cors-requests)
* [Enable CORS for a Single Route](#enable-cors-for-a-single-route)
* [Configuring CORS](#configuring-cors)
* [Configuring CORS Asynchronously](#configuring-cors-asynchronously)
* [Configuring CORS w/ Dynamic Origin](#configuring-cors-w-dynamic-origin)
* [Enabling CORS Pre-Flight](#enabling-cors-pre-flight)
* [Customizing CORS Settings Dynamically per Request](#customizing-cors-settings-dynamically-per-request)
* [Configuration Options](#configuration-options)
* [Demo](#demo)
* [Common Misconceptions](#common-misconceptions)
* [License](#license)
* [Author](#author)
* [Original Author](#original-author)
## Installation
This is a [Node.js](https://nodejs.org/en/) module available through the
[npm registry](https://www.npmjs.com/). Installation is done using the
[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
[`npm install` command](https://docs.npmjs.com/downloading-and-installing-packages-locally):
```sh
$ npm install cors
@@ -40,14 +42,15 @@ var express = require('express')
var cors = require('cors')
var app = express()
// Adds headers: Access-Control-Allow-Origin: *
app.use(cors())
app.get('/products/:id', function (req, res, next) {
res.json({msg: 'This is CORS-enabled for all origins!'})
res.json({msg: 'Hello'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
console.log('web server listening on port 80')
})
```
@@ -58,17 +61,20 @@ var express = require('express')
var cors = require('cors')
var app = express()
// Adds headers: Access-Control-Allow-Origin: *
app.get('/products/:id', cors(), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for a Single Route'})
res.json({msg: 'Hello'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
console.log('web server listening on port 80')
})
```
### Configuring CORS
See the [configuration options](#configuration-options) for details.
```javascript
var express = require('express')
var cors = require('cors')
@@ -79,57 +85,56 @@ var corsOptions = {
optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
}
// Adds headers: Access-Control-Allow-Origin: http://example.com, Vary: Origin
app.get('/products/:id', cors(corsOptions), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for only example.com.'})
res.json({msg: 'Hello'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
console.log('web server listening on port 80')
})
```
### Configuring CORS w/ Dynamic Origin
This module supports validating the origin dynamically using a function provided
to the `origin` option. This function will be passed a string that is the origin
(or `undefined` if the request has no origin), and a `callback` with the signature
`callback(error, origin)`.
The `origin` argument to the callback can be any value allowed for the `origin`
option of the middleware, except a function. See the
[configuration options](#configuration-options) section for more information on all
the possible value types.
This function is designed to allow the dynamic loading of allowed origin(s) from
a backing datasource, like a database.
```javascript
var express = require('express')
var cors = require('cors')
var app = express()
var whitelist = ['http://example1.com', 'http://example2.com']
var corsOptions = {
origin: function (origin, callback) {
if (whitelist.indexOf(origin) !== -1) {
callback(null, true)
} else {
callback(new Error('Not allowed by CORS'))
}
// db.loadOrigins is an example call to load
// a list of origins from a backing database
db.loadOrigins(function (error, origins) {
callback(error, origins)
})
}
}
// Adds headers: Access-Control-Allow-Origin: <matched origin>, Vary: Origin
app.get('/products/:id', cors(corsOptions), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for a whitelisted domain.'})
res.json({msg: 'Hello'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
console.log('web server listening on port 80')
})
```
If you do not want to block REST tools or server-to-server requests,
add a `!origin` check in the origin function like so:
```javascript
var corsOptions = {
origin: function (origin, callback) {
if (whitelist.indexOf(origin) !== -1 || !origin) {
callback(null, true)
} else {
callback(new Error('Not allowed by CORS'))
}
}
}
```
### Enabling CORS Pre-Flight
Certain CORS requests are considered 'complex' and require an initial
@@ -144,13 +149,13 @@ var express = require('express')
var cors = require('cors')
var app = express()
app.options('/products/:id', cors()) // enable pre-flight request for DELETE request
app.options('/products/:id', cors()) // preflight for DELETE
app.del('/products/:id', cors(), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for all origins!'})
res.json({msg: 'Hello'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
console.log('web server listening on port 80')
})
```
@@ -160,41 +165,67 @@ You can also enable pre-flight across-the-board like so:
app.options('*', cors()) // include before other routes
```
### Configuring CORS Asynchronously
NOTE: When using this middleware as an application level middleware (for
example, `app.use(cors())`), pre-flight requests are already handled for all
routes.
### Customizing CORS Settings Dynamically per Request
For APIs that require different CORS configurations for specific routes or requests, you can dynamically generate CORS options based on the incoming request. The `cors` middleware allows you to achieve this by passing a function instead of static options. This function is called for each incoming request and must use the callback pattern to return the appropriate CORS options.
The function accepts:
1. **`req`**:
- The incoming request object.
2. **`callback(error, corsOptions)`**:
- A function used to return the computed CORS options.
- **Arguments**:
- **`error`**: Pass `null` if theres no error, or an error object to indicate a failure.
- **`corsOptions`**: An object specifying the CORS policy for the current request.
Heres an example that handles both public routes and restricted, credential-sensitive routes:
```javascript
var express = require('express')
var cors = require('cors')
var app = express()
var whitelist = ['http://example1.com', 'http://example2.com']
var corsOptionsDelegate = function (req, callback) {
var dynamicCorsOptions = function(req, callback) {
var corsOptions;
if (whitelist.indexOf(req.header('Origin')) !== -1) {
corsOptions = { origin: true } // reflect (enable) the requested origin in the CORS response
if (req.path.startsWith('/auth/connect/')) {
// Access-Control-Allow-Origin: http://mydomain.com, Access-Control-Allow-Credentials: true, Vary: Origin
corsOptions = {
origin: 'http://mydomain.com',
credentials: true
};
} else {
corsOptions = { origin: false } // disable CORS for this request
// Access-Control-Allow-Origin: *
corsOptions = { origin: '*' };
}
callback(null, corsOptions) // callback expects two parameters: error and options
}
callback(null, corsOptions);
};
app.get('/products/:id', cors(corsOptionsDelegate), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for a whitelisted domain.'})
})
app.use(cors(dynamicCorsOptions));
app.get('/auth/connect/twitter', function (req, res) {
res.send('Hello');
});
app.get('/public', function (req, res) {
res.send('Hello');
});
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
console.log('web server listening on port 80')
})
```
## Configuration Options
* `origin`: Configures the **Access-Control-Allow-Origin** CORS header. Possible values:
- `Boolean` - set `origin` to `true` to reflect the [request origin](http://tools.ietf.org/html/draft-abarth-origin-09), as defined by `req.header('Origin')`, or set it to `false` to disable CORS.
- `String` - set `origin` to a specific origin. For example if you set it to `"http://example.com"` only requests from "http://example.com" will be allowed.
- `Boolean` - set `origin` to `true` to reflect the [request origin](https://datatracker.ietf.org/doc/html/draft-abarth-origin-09), as defined by `req.header('Origin')`, or set it to `false` to disable CORS.
- `String` - set `origin` to a specific origin. For example, if you set it to
- `"http://example.com"` only requests from "http://example.com" will be allowed.
- `"*"` for all domains to be allowed.
- `RegExp` - set `origin` to a regular expression pattern which will be used to test the request origin. If it's a match, the request origin will be reflected. For example the pattern `/example\.com$/` will reflect any request that is coming from an origin ending with "example.com".
- `Array` - set `origin` to an array of valid origins. Each origin can be a `String` or a `RegExp`. For example `["http://example1.com", /\.example2\.com$/]` will accept any request from "http://example1.com" or from a subdomain of "example2.com".
- `Function` - set `origin` to a function implementing some custom logic. The function takes the request origin as the first parameter and a callback (which expects the signature `err [object], allow [bool]`) as the second.
- `Function` - set `origin` to a function implementing some custom logic. The function takes the request origin as the first parameter and a callback (called as `callback(err, origin)`, where `origin` is a non-function value of the `origin` option) as the second.
* `methods`: Configures the **Access-Control-Allow-Methods** CORS header. Expects a comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: `['GET', 'PUT', 'POST']`).
* `allowedHeaders`: Configures the **Access-Control-Allow-Headers** CORS header. Expects a comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex: `['Content-Type', 'Authorization']`). If not specified, defaults to reflecting the headers specified in the request's **Access-Control-Request-Headers** header.
* `exposedHeaders`: Configures the **Access-Control-Expose-Headers** CORS header. Expects a comma-delimited string (ex: 'Content-Range,X-Content-Range') or an array (ex: `['Content-Range', 'X-Content-Range']`). If not specified, no custom headers are exposed.
@@ -214,30 +245,33 @@ The default configuration is the equivalent of:
}
```
For details on the effect of each CORS header, read [this](http://www.html5rocks.com/en/tutorials/cors/) article on HTML5 Rocks.
## Common Misconceptions
## Demo
### "CORS blocks requests from disallowed origins"
A demo that illustrates CORS working (and not working) using jQuery is available here: [http://node-cors-client.herokuapp.com/](http://node-cors-client.herokuapp.com/)
**No.** Your server receives and processes every request. CORS headers tell the browser whether JavaScript can read the response—not whether the request is allowed.
Code for that demo can be found here:
### "CORS protects my API from unauthorized access"
* Client: [https://github.com/TroyGoode/node-cors-client](https://github.com/TroyGoode/node-cors-client)
* Server: [https://github.com/TroyGoode/node-cors-server](https://github.com/TroyGoode/node-cors-server)
**No.** CORS is not access control. Any HTTP client (curl, Postman, another server) can call your API regardless of CORS settings. Use authentication and authorization to protect your API.
### "Setting `origin: 'http://example.com'` means only that domain can access my server"
**No.** It means browsers will only let JavaScript from that origin read responses. The server still responds to all requests.
## License
[MIT License](http://www.opensource.org/licenses/mit-license.php)
## Author
## Original Author
[Troy Goode](https://github.com/TroyGoode) ([troygoode@gmail.com](mailto:troygoode@gmail.com))
[coveralls-image]: https://img.shields.io/coveralls/expressjs/cors/master.svg
[coveralls-url]: https://coveralls.io/r/expressjs/cors?branch=master
[downloads-image]: https://img.shields.io/npm/dm/cors.svg
[downloads-url]: https://npmjs.org/package/cors
[downloads-url]: https://npmjs.com/package/cors
[github-actions-ci-image]: https://img.shields.io/github/actions/workflow/status/expressjs/cors/ci.yml?branch=master&label=ci
[github-actions-ci-url]: https://github.com/expressjs/cors?query=workflow%3Aci
[npm-image]: https://img.shields.io/npm/v/cors.svg
[npm-url]: https://npmjs.org/package/cors
[travis-image]: https://img.shields.io/travis/expressjs/cors/master.svg
[travis-url]: https://travis-ci.org/expressjs/cors
[npm-url]: https://npmjs.com/package/cors
node_modules/cors/lib/index.js
Generated Vendored
+6 -6
View File
@@ -163,11 +163,11 @@
if (method === 'OPTIONS') {
// preflight
headers.push(configureOrigin(options, req));
headers.push(configureCredentials(options, req));
headers.push(configureMethods(options, req));
headers.push(configureCredentials(options))
headers.push(configureMethods(options))
headers.push(configureAllowedHeaders(options, req));
headers.push(configureMaxAge(options, req));
headers.push(configureExposedHeaders(options, req));
headers.push(configureMaxAge(options))
headers.push(configureExposedHeaders(options))
applyHeaders(headers, res);
if (options.preflightContinue) {
@@ -182,8 +182,8 @@
} else {
// actual response
headers.push(configureOrigin(options, req));
headers.push(configureCredentials(options, req));
headers.push(configureExposedHeaders(options, req));
headers.push(configureCredentials(options))
headers.push(configureExposedHeaders(options))
applyHeaders(headers, res);
next();
}
node_modules/cors/package.json
Generated Vendored
+13 -12
View File
@@ -1,7 +1,7 @@
{
"name": "cors",
"description": "Node.js CORS middleware",
"version": "2.8.5",
"version": "2.8.6",
"author": "Troy Goode <troygoode@gmail.com> (https://github.com/troygoode/)",
"license": "MIT",
"keywords": [
@@ -11,6 +11,10 @@
"middleware"
],
"repository": "expressjs/cors",
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
},
"main": "./lib/index.js",
"dependencies": {
"object-assign": "^4",
@@ -18,24 +22,21 @@
},
"devDependencies": {
"after": "0.8.2",
"eslint": "2.13.1",
"express": "4.16.3",
"mocha": "5.2.0",
"nyc": "13.1.0",
"supertest": "3.3.0"
"eslint": "7.30.0",
"express": "4.21.2",
"mocha": "9.2.2",
"nyc": "15.1.0",
"supertest": "6.1.3"
},
"files": [
"lib/index.js",
"CONTRIBUTING.md",
"HISTORY.md",
"LICENSE",
"README.md"
"lib/index.js"
],
"engines": {
"node": ">= 0.10"
},
"scripts": {
"test": "npm run lint && nyc --reporter=html --reporter=text mocha --require test/support/env",
"test": "npm run lint && npm run test-ci",
"test-ci": "nyc --reporter=lcov --reporter=text mocha --require test/support/env",
"lint": "eslint lib test"
}
}