optimized allow headers and methods normalizing

sdangol · sdangol · commit 2597d5a53160 · 2025-09-22T11:50:28.000+01:00
diff --git a/packages/event-handler/src/rest/middleware/cors.ts b/packages/event-handler/src/rest/middleware/cors.ts
@@ -50,6 +50,12 @@ export const cors = (options?: CorsOptions): Middleware => {
   const allowedOrigins =
     typeof config.origin === 'string' ? [config.origin] : config.origin;
   const allowsWildcard = allowedOrigins.includes('*');
+  const allowedMethods = config.allowMethods.map((method) =>
+    method.toUpperCase()
+  );
+  const allowedHeaders = config.allowHeaders.map((header) =>
+    header.toLowerCase()
+  );
 
   return async (_params, reqCtx, next) => {
     const requestOrigin = reqCtx.request.headers.get('Origin');
@@ -72,18 +78,11 @@ export const cors = (options?: CorsOptions): Middleware => {
         ?.toLowerCase();
       if (
         !requestMethod ||
-        !config.allowMethods
-          .map((m) => m.toUpperCase())
-          .includes(requestMethod) ||
+        !allowedMethods.includes(requestMethod) ||
         !requestHeaders ||
         requestHeaders
           .split(',')
-          .some(
-            (header) =>
-              !config.allowHeaders
-                .map((h) => h.toLowerCase())
-                .includes(header.trim())
-          )
+          .some((header) => !allowedHeaders.includes(header.trim()))
       ) {
         await next();
         return;
@@ -106,10 +105,10 @@ export const cors = (options?: CorsOptions): Middleware => {
           config.maxAge.toString()
         );
       }
-      config.allowMethods.forEach((method) => {
+      allowedMethods.forEach((method) => {
         reqCtx.res.headers.append('access-control-allow-methods', method);
       });
-      config.allowHeaders.forEach((header) => {
+      allowedHeaders.forEach((header) => {
         reqCtx.res.headers.append('access-control-allow-headers', header);
       });
       return new Response(null, {
