livery_cors (livery v0.2.0)

View Source

CORS middleware.

Adds Cross-Origin Resource Sharing headers and answers preflight OPTIONS requests. Configure it as a stack entry {livery_cors, Config} where every Config key is optional:

  • origins'*' (default), a list of allowed origin binaries, or a predicate fun((binary()) -> boolean()).
  • methods — allowed methods for preflight Access-Control-Allow-Methods (default the common verb set).
  • headersmirror (default, echo the request's Access-Control-Request-Headers) or an explicit list of header names.
  • expose — header names for Access-Control-Expose-Headers (default []).
  • credentialstrue to send Access-Control-Allow-Credentials (default false). With credentials the wildcard origin is never sent; the request Origin is echoed instead.
  • max_age — seconds for Access-Control-Max-Age on preflights.

Vary is set so shared caches stay correct: Origin is added on every branch whenever the emitted headers depend on the request origin (a list, a predicate, or credentialed wildcard), and Access-Control-Request-Headers is added on mirroring preflights. A plain non-credentialed '*' configuration is origin-independent and adds no Vary.

Summary

Functions

call(Req, Next, State)

Apply CORS headers, answering preflight requests directly.

Functions

call(Req, Next, State)

-spec call(livery_req:req(), livery_middleware:next(), map() | undefined) -> livery_resp:resp().

Apply CORS headers, answering preflight requests directly.