spark_cors
CORS (Cross-Origin Resource Sharing) middleware for Spark applications.
Features
- Handles preflight OPTIONS requests automatically
- Dynamic origin matching (single, multiple, or wildcard)
- Permissive and restrictive preset configurations
- Credentials support with Vary: Origin header
- Preflight response caching with max-age
Installation
dependencies:
spark_cors: ^1.0.0Usage
Permissive (Allow All Origins)
import 'package:spark_cors/spark_cors.dart';
final handler = Pipeline()
.addMiddleware(corsMiddleware(CorsConfig.permissive()))
.addHandler(myRouter);Restrictive (Default)
final handler = Pipeline()
.addMiddleware(corsMiddleware(CorsConfig.restrictive()))
.addHandler(myRouter);Custom Configuration
corsMiddleware(CorsConfig(
allowOrigin: AccessControlAllowOrigin.origin('https://example.com'),
allowMethods: AccessControlAllowMethods.all,
allowHeaders: AccessControlAllowHeaders.all,
allowCredentials: true,
maxAge: AccessControlMaxAge(3600),
))Multiple Allowed Origins
corsMiddleware(CorsConfig(
allowOrigin: AccessControlAllowOrigin.origins([
'https://app.example.com',
'https://admin.example.com',
]),
))Reject Disallowed Origins
corsMiddleware(CorsConfig(
allowOrigin: AccessControlAllowOrigin.origin('https://example.com'),
rejectCrossOrigin: true, // returns 403
))