Hono includes a comprehensive collection of built-in middleware for common web application needs. All middleware is available via the hono package.
Authentication & Authorization Middleware for securing your application and verifying user identity.
Basic Auth HTTP Basic authentication with username and password import { basicAuth } from 'hono/basic-auth' app . use ( '/admin/*' , basicAuth ({ username: 'admin' , password: 'secret' }))
Bearer Auth Bearer token authentication for API access import { bearerAuth } from 'hono/bearer-auth' app . use ( '/api/*' , bearerAuth ({ token: 'your-token' }))
JWT JSON Web Token authentication and verification import { jwt } from 'hono/jwt' app . use ( '/auth/*' , jwt ({ secret: 'secret-key' , alg: 'HS256' }))
JWK Verify JWT tokens using JSON Web Keys import { jwk } from 'hono/jwk' app . use ( '/api/*' , jwk ({ jwkUrl: 'https://...' }))
Security Middleware to enhance application security and protect against common vulnerabilities.
CORS Cross-Origin Resource Sharing configuration import { cors } from 'hono/cors' app . use ( '/api/*' , cors ({ origin: 'https://example.com' , allowMethods: [ 'GET' , 'POST' ], credentials: true }))
CSRF Cross-Site Request Forgery protection import { csrf } from 'hono/csrf' app . use ( csrf ())
Secure Headers Set security-related HTTP headers import { secureHeaders } from 'hono/secure-headers' app . use ( secureHeaders ())
IP Restriction Allow or deny requests based on IP address import { ipRestriction } from 'hono/ip-restriction' app . use ( ipRestriction ({ allow: [ '192.168.0.0/16' ] }))
Middleware to improve application performance and reduce bandwidth.
Compress Response compression with gzip or deflate import { compress } from 'hono/compress' app . use ( compress ())
Cache Cache responses for improved performance import { cache } from 'hono/cache' app . use ( cache ({ cacheName: 'my-cache' }))
ETag Generate ETags for cache validation import { etag } from 'hono/etag' app . use ( etag ())
Timing Add Server-Timing headers for performance monitoring import { timing } from 'hono/timing' app . use ( timing ())
Request Processing Middleware for handling and validating incoming requests.
Body Limit Limit the size of request bodies import { bodyLimit } from 'hono/body-limit' app . use ( bodyLimit ({ maxSize: 50 * 1024 })) // 50KB
Method Override Override HTTP method for legacy clients import { methodOverride } from 'hono/method-override' app . use ( methodOverride ())
Timeout Set request timeout limits import { timeout } from 'hono/timeout' app . use ( '/api/*' , timeout ( 5000 )) // 5 seconds
Trailing Slash Enforce or remove trailing slashes in URLs import { trimTrailingSlash } from 'hono/trailing-slash' app . use ( trimTrailingSlash ())
Middleware for formatting and customizing responses.
Pretty JSON Format JSON responses with indentation import { prettyJSON } from 'hono/pretty-json' app . use ( prettyJSON ())
Powered By Add custom X-Powered-By header import { poweredBy } from 'hono/powered-by' app . use ( poweredBy ())
Utilities & Helpers Middleware for logging, internationalization, and other utilities.
Logger Log incoming requests and responses import { logger } from 'hono/logger' app . use ( logger ())
Request ID Generate unique IDs for each request import { requestId } from 'hono/request-id' app . use ( requestId ())
Language Detect and set user language preferences import { language } from 'hono/language' app . use ( language ())
Context Storage Store context data across async operations import { contextStorage } from 'hono/context-storage' app . use ( contextStorage ())
Static Files & Views Middleware for serving static files and rendering views.
Serve Static Serve static files from a directory import { serveStatic } from 'hono/serve-static' app . use ( '/static/*' , serveStatic ({ root: './public' }))
JSX Renderer Render JSX components as responses import { jsxRenderer } from 'hono/jsx-renderer' app . use ( jsxRenderer ())
Advanced Advanced middleware for special use cases.
Combine Combine multiple middleware into one import { combine } from 'hono/combine' import { logger } from 'hono/logger' import { cors } from 'hono/cors' const combined = combine ( logger (), cors ()) app . use ( combined )
Usage Examples Common Setup A typical Hono application might use several middleware together:
import { Hono } from 'hono' import { logger } from 'hono/logger' import { cors } from 'hono/cors' import { secureHeaders } from 'hono/secure-headers' import { compress } from 'hono/compress' import { jwt } from 'hono/jwt' const app = new Hono () // Global middleware for all routes app . use ( logger ()) app . use ( secureHeaders ()) app . use ( compress ()) // Public API with CORS app . use ( '/api/public/*' , cors ()) // Protected API with JWT app . use ( '/api/protected/*' , cors ()) app . use ( '/api/protected/*' , jwt ({ secret: 'secret-key' , alg: 'HS256' })) app . get ( '/api/public/info' , ( c ) => c . json ({ version: '1.0' })) app . get ( '/api/protected/data' , ( c ) => { const payload = c . get ( 'jwtPayload' ) return c . json ({ user: payload . sub }) }) export default app
Production-Ready Setup For production applications, consider this middleware stack:
import { Hono } from 'hono' import { logger } from 'hono/logger' import { cors } from 'hono/cors' import { secureHeaders } from 'hono/secure-headers' import { compress } from 'hono/compress' import { etag } from 'hono/etag' import { requestId } from 'hono/request-id' import { bodyLimit } from 'hono/body-limit' import { timeout } from 'hono/timeout' const app = new Hono () // Monitoring and debugging app . use ( logger ()) app . use ( requestId ()) // Security app . use ( secureHeaders ()) app . use ( cors ({ origin: process . env . ALLOWED_ORIGINS ?. split ( ',' ) || '*' , credentials: true })) // Performance app . use ( compress ()) app . use ( etag ()) // Limits app . use ( bodyLimit ({ maxSize: 1024 * 1024 })) // 1MB app . use ( timeout ( 30000 )) // 30 seconds export default app
For detailed API documentation of each middleware including all options and advanced usage, see the API Reference section.
