Skip to content
Stoma

cors

cors(config?): Policy

Defined in: src/policies/transform/cors.ts:60

Add Cross-Origin Resource Sharing headers to gateway responses.

Wraps Hono’s built-in CORS middleware as a composable policy. Handles both simple and preflight (OPTIONS) requests. Runs at priority 5 so CORS headers are applied before auth or other policies reject the request.

Parameters

Section titled “Parameters”

config?

Section titled “config?”

CorsConfig

Origin rules, allowed methods/headers, and credentials. All fields optional.

Returns

Section titled “Returns”

Policy

A Policy at priority 5 (runs very early).

Example

Section titled “Example”
import { createGateway } from "@homegrower-club/stoma";
import { cors } from "@homegrower-club/stoma/policies";


// Allow any origin (default)
createGateway({
  policies: [cors()],
  routes: [{ path: "/api/*", pipeline: { upstream: { type: "url", target: "https://api.example.com" } } }],
});


// Restrict to specific origins with credentials
cors({
  origins: ["https://app.example.com", "https://staging.example.com"],
  methods: ["GET", "POST", "PUT", "DELETE"],
  credentials: true,
  maxAge: 3600,
});


// Dynamic origin validation
cors({
  origins: (origin) => origin.endsWith(".example.com"),
});