Skip to content

Server Options

The server block configures the dev server's networking layer — HTTPS, request proxying, CORS, the mount base, and the SPA history fallback. Host and port stay in dev.

For a task-oriented walkthrough, see the Networking guide.

ts
import { defineConfig } from "vantris";

export default defineConfig({
  server: {
    https: false,
    proxy: {},
    cors: false,
    base: undefined,     // defaults to the top-level `base`
    spaFallback: true,
  },
});

server.https

  • Type: boolean | { cert: string; key: string }
  • Default: false

Serve over HTTPS. true generates a self-signed development certificate on the fly (Vantris warns that browsers will prompt to trust it). Pass { cert, key } to use your own — each accepts PEM contents or a file path resolved against root.

ts
server: { https: true }
ts
server: {
  https: {
    cert: "./certs/localhost.pem",
    key: "./certs/localhost-key.pem",
  },
}

HttpsConfig

FieldTypeDescription
certstringPEM certificate (contents or a path).
keystringPEM private key (contents or a path).

server.proxy

  • Type: Record<string, string | ProxyOptions>
  • Default: {}

Proxy rules mapping a request-path prefix to a target origin (a string) or a ProxyOptions object.

ts
server: {
  proxy: {
    "/api": "http://localhost:8080",
    "/auth": {
      target: "https://auth.example.com",
      changeOrigin: true,
      rewrite: (path) => path.replace(/^\/auth/, ""),
      secure: true,
    },
  },
}

An unreachable target responds with a clear 502.

ProxyOptions

FieldTypeDefaultDescription
targetstringTarget origin, e.g. "http://localhost:8080".
changeOriginbooleantrueRewrite the Host header to the target's.
rewrite(path: string) => stringRewrite the request path before forwarding.
securebooleantrueVerify TLS certificates for an https target.

server.cors

  • Type: boolean | CorsOptions
  • Default: false

Enable CORS. true applies permissive defaults; an object customises it. Sets Access-Control-* headers and answers preflight OPTIONS requests.

ts
server: { cors: true }
ts
server: {
  cors: {
    origin: ["http://localhost:3000"],
    methods: ["GET", "POST"],
    headers: ["Content-Type", "Authorization"],
    credentials: true,
  },
}

CorsOptions

FieldTypeDefaultDescription
originstring | string[] | booleantrueAllowed origin(s). true reflects Origin.
methodsstring[]["GET","HEAD","PUT","PATCH","POST","DELETE"]Allowed methods.
headersstring[]Echoed to Access-Control-Allow-Headers.
credentialsbooleanfalseSets Access-Control-Allow-Credentials.

server.base

  • Type: string
  • Default: the top-level base

Sub-path the dev server is mounted under. Injected scripts and asset URLs respect it. Usually you set the top-level base and leave this alone; set it to override just the dev server's mount point.

ts
export default defineConfig({
  base: "/app/",
  server: { base: "/app/" },
});

server.spaFallback

  • Type: boolean
  • Default: true

History-API fallback: an unmatched, non-file route serves index.html (so client-side routing works on refresh). A missing .js/.png still returns a real 404.

ts
server: { spaFallback: false } // disable for a multi-page app

ServerConfig at a glance

ts
interface ServerConfig {
  https?: boolean | HttpsConfig;
  proxy?: Record<string, string | ProxyOptions>;
  cors?: boolean | CorsOptions;
  base?: string;
  spaFallback?: boolean;
}

Released under the MIT License.