Last Updated: 3/9/2026
Middleware Reference
Note: This section is under construction. Full middleware reference documentation will be added soon.
Hono provides a rich ecosystem of built-in, third-party, and custom middleware. This page serves as a placeholder for comprehensive middleware documentation.
Middleware Documentation To Be Added
Built-in Middleware
The following built-in middleware guides are planned:
Authentication & Security
- Basic Auth
- Bearer Auth
- JWT Auth
- Secure Headers
- CORS
- CSRF Protection
- IP Restriction
Performance & Optimization
- Compress (gzip, brotli)
- Cache
- ETag
- Timeout
Utilities
- Logger
- Pretty JSON
- Body Limit
- Method Override
- Trailing Slash
- Request ID
- Timing
- Language
- Context Storage
- Combine
Rendering
- JSX Renderer
Cryptography
- JWK (JSON Web Keys)
Third-Party Middleware
From @hono organization:
- GraphQL Server
- Firebase Auth
- Sentry
- Zod Validator
- Standard Validator
- And many more…
Current Documentation
For now, middleware is covered in these sections:
Concepts
- Middleware - How middleware works in Hono
Guides
- Using Middleware - Practical middleware usage
- Validation - Validator middleware
- JSX Templating - JSX renderer middleware
Quick Middleware Overview
While we complete the full reference, here’s a quick overview of commonly used middleware:
Logger
import { Hono } from 'hono'
import { logger } from 'hono/logger'
const app = new Hono() // the snippets below reuse this app
app.use('*', logger())
CORS
import { cors } from 'hono/cors'
// Defaults: any origin ('*') is allowed
app.use('/api/*', cors())
// With options: restrict to a single trusted origin
app.use('/api/*', cors({
  origin: 'https://example.com',
  allowMethods: ['GET', 'POST'],
  allowHeaders: ['Content-Type'],
  credentials: true,
}))
Basic Auth
import { basicAuth } from 'hono/basic-auth'
app.use('/admin/*', basicAuth({
  username: 'admin',
  password: 'secret', // placeholder; load real credentials from configuration
}))
JWT Auth
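import { jwt } from 'hono/jwt'
app.use('/api/*', jwt({
  secret: 'my-secret-key', // placeholder; load the real secret from configuration
  alg: 'HS256', // pin the algorithm tokens must be signed with
}))
Compress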
import { compress } from 'hono/compress'
app.use('*', compress())
Secure Headers
import { secureHeaders } from 'hono/secure-headers'
app.use('*', secureHeaders())
ETag
import { etag } from 'hono/etag'
app.use('*', etag())
Body Limit
import { bodyLimit } from 'hono/body-limit'
app.use('/api/*', bodyLimit({
  maxSize: 50 * 1024, // 50kb
  onError: (c) => {
    return c.text('Payload too large', 413)
  },
}))
Pretty JSON
import { prettyJSON } from 'hono/pretty-json'
app.use('*', prettyJSON())
Zod Validator
import { zValidator } from '@hono/zod-validator'
import { z } from 'zod'
app.post('/posts',
  zValidator('json', z.object({
    title: z.string(),
    body: z.string(),
  })),
  (c) => {
    // Only a body that passed the schema reaches this handler
    const data = c.req.valid('json')
    return c.json({ success: true })
  }
)
Creating Custom Middleware
import { createMiddleware } from 'hono/factory'
const customMiddleware = createMiddleware(async (c, next) => {
  console.log('Before request')
  const start = Date.now()
  await next()
  const duration = Date.now() - start
  console.log(`Request took ${duration}ms`)
})
app.use('*', customMiddleware)
Middleware Execution Order
Middleware executes in registration order:
// 1. Global middleware
app.use('*', logger())
app.use('*', secureHeaders())
// 2. Path-specific middleware
app.use('/api/*', cors())
app.use('/api/*', jwt({ secret: 'key', alg: 'HS256' }))
// 3. Route handlers
app.get('/api/users', (c) => c.json({ users: [] }))
Community Resources
- Hono Middleware - Official middleware docs
- Third-party Middleware - @hono middleware packages
- Hono Examples - Middleware examples
What’s Next
- Middleware Concepts - How middleware works
- Using Middleware - Practical guide
- Best Practices - Middleware patterns
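The registration-order rule in Middleware Execution Order above has a security consequence: a guard registered after a route handler never runs for that route. The following is an added example, not code from the Hono project: a simplified synchronous model of the dispatch (createApp, requireToken, listUsers and the sample token are assumptions made up for it) that registers the same guard and handler in both orders.

```javascript
// Simplified synchronous model of registration-order dispatch, constructed
// for this example (not Hono's router). Entries run in the order they were
// registered; an entry that returns without calling next() ends the chain.
function createApp() {
  const entries = [] // kept in registration order
  const matches = (pattern, path) =>
    pattern === '*' ||
    (pattern.endsWith('/*') ? path.startsWith(pattern.slice(0, -1)) : pattern === path)
  const app = {
    use(pattern, fn) { entries.push({ method: 'ALL', pattern, fn }); return app },
    get(pattern, fn) { entries.push({ method: 'GET', pattern, fn }); return app },
    request(method, path, headers = {}) {
      const chain = entries.filter(
        (e) => (e.method === 'ALL' || e.method === method) && matches(e.pattern, path)
      )
      const c = { path, headers, trace: [] }
      const dispatch = (i) =>
        i < chain.length ? chain[i].fn(c, () => dispatch(i + 1)) : { status: 404 }
      return { ...dispatch(0), trace: c.trace.join(',') }
    },
  }
  return app
}

// Hypothetical guard; 'sample-token' is a constructed value.
const requireToken = (c, next) => {
  c.trace.push('auth')
  if (c.headers.authorization !== 'Bearer sample-token') return { status: 401 }
  return next()
}
const listUsers = (c) => {
  c.trace.push('handler')
  return { status: 200, body: '{"users":[]}' }
}

// Guard registered first: it runs before the handler.
const guarded = createApp().use('/api/*', requireToken).get('/api/users', listUsers)
// Handler registered first: it answers and the guard never runs for this route.
const misordered = createApp().get('/api/users', listUsers).use('/api/*', requireToken)

console.log(guarded.request('GET', '/api/users'))    // status 401, trace 'auth'
console.log(misordered.request('GET', '/api/users')) // status 200, trace 'handler'
```

In a real app, register authentication middleware before every route it must protect, and keep a test that requests each protected route without credentials and expects 401.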