dream: CORS middleware + preflight handling + 12 tests
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 52s
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 52s
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -99,6 +99,11 @@ with extensions + hardening below.
|
||||
custom page receiving `(req e)`); normal responses pass through untouched, composes
|
||||
around a router. (`guard` catches explicit `(error …)` raises; `e` stringifies to the
|
||||
message.)
|
||||
- **2026-06-07 — Ext: CORS** (`lib/dream/cors.sx`, 12 tests, 294 total). `dream-cors`
|
||||
decorates responses with `Access-Control-Allow-Origin` (+ credentials), and
|
||||
short-circuits preflight `OPTIONS` with a 204 carrying Allow-Methods/Headers/Max-Age.
|
||||
`dream-cors-origin` for a specific origin, `dream-cors-with opts` for full control
|
||||
(origin/methods/headers/credentials/max-age). Composes around a router.
|
||||
|
||||
## Extensions (post-roadmap)
|
||||
|
||||
@@ -107,7 +112,7 @@ The five-types core is complete; these harden it toward a production HTTP front
|
||||
- [x] **Router HTTP correctness**: 405 Method Not Allowed + `Allow` header; automatic
|
||||
HEAD (serve the GET handler with an empty body).
|
||||
- [x] **Status reason phrases** + `dream-status-text` (`lib/dream/error.sx`).
|
||||
- [ ] **CORS middleware** (`dream-cors`).
|
||||
- [x] **CORS middleware** (`dream-cors`).
|
||||
- [x] **Error-handling middleware** (`dream-catch` / custom 500 templates; `guard`-based).
|
||||
- [ ] **Signed session cookies** (the noted hardening — sign the sid).
|
||||
- [ ] **JSON helpers** (build from dict; parse to dict).
|
||||
|
||||
Reference in New Issue
Block a user