More utilities

Session utils

clearSession(event, config)

Clear the session data for the current request.

getSession(event, config)

Get the session for the current request.

sealSession(event, config)

Encrypt and sign the session data for the current request.

unsealSession(_event, config, sealed)

Decrypt and verify the session data for the current request.

updateSession(event, config, update?)

Update the session data for the current request.

useSession(event, config)

Create a session manager for the current request.

deleteCookie(event, name, serializeOptions?)

Remove a cookie by name.

getCookie(event, name)

Get a cookie value by name.


Parse the request to get HTTP Cookie header string and returning an object of all cookie name-value pairs.

setCookie(event, name, value, serializeOptions?)

Set a cookie value by name.


sanitizeStatusCode(statusCode?, defaultStatusCode)

Make sure the status code is a valid HTTP status code.


Make sure the status message is safe to use in a response.

Allowed characters: horizontal tabs, spaces or visible ascii characters: https://www.rfc-editor.org/rfc/rfc7230#section-3.1.2


useBase(base, handler)

Prefixes and executes a handler with a base path.


const app = createApp();
const router = createRouter();
const apiRouter = createRouter().get(
  defineEventHandler((event) => {
    return "Hello API!";
router.use("/api/**", useBase("/api", apiRouter.handler));


handleCacheHeaders(event, opts)

Check request caching headers (If-Modified-Since) and add caching headers (Last-Modified, Cache-Control) Note: public cache control will be added by default


fetchWithEvent(event, req, init?, options?: { fetch: F })

Make a fetch request with the event's context and headers.


Get the request headers object without headers known to cause issues when proxying.

proxyRequest(event, target, opts)

Proxy the incoming request to a target URL.

sendProxy(event, target, opts)

Make a proxy request to a target URL and send the response back to the client.


appendCorsHeaders(event, options)

Append CORS headers to the response.

appendCorsPreflightHeaders(event, options)

Append CORS preflight headers to the response.

handleCors(event, options)

Handle CORS for the incoming request.

If the incoming request is a CORS preflight request, it will append the CORS preflight headers and send a 204 response.

If return value is true, the request is handled and no further action is needed.


const app = createApp();
const router = createRouter();
  defineEventHandler(async (event) => {
      const didHandleCors = handleCors(event, {
        origin: '*',
        preflight: {
         statusCode: 204,
     methods: '*',
   if (didHandleCors) {
   // Your code here

isCorsOriginAllowed(origin, options)

Check if the incoming request is a CORS request.


Check if the incoming request is a CORS preflight request.

Server Sent Events (SSE)

createEventStream(event, opts?)

Initialize an EventStream instance for creating server sent events


import { createEventStream, sendEventStream } from "h3";

eventHandler((event) => {
  const eventStream = createEventStream(event);

  // Send a message every second
  const interval = setInterval(async () => {
    await eventStream.push("Hello world");
  }, 1000);

  // cleanup the interval and close the stream when the connection is terminated
  eventStream.onClosed(async () => {
    console.log("closing SSE...");
    await eventStream.close();

  return eventStream.send();