Napoleon's Penguin Mascot

    cors
    DefinitelyTyped icon, indicating that this package has TypeScript declarations provided by the separate @types/cors package

    0.0.1 • Public • Published

    cors

    CORS is a node.js package for providing a connect/express middleware that can be used to enable CORS with various options.

    build status

    Installation

    $ npm install cors

    Usage

    Simple Usage (Enable All CORS Requests)

    var express = require('express')
      , cors = require('cors')
      , app = express();
     
    app.get('/products/:id', cors(), function(req, res, next){
      res.json({msg: 'This is CORS-enabled for all origins!'});
    });
     
    app.listen(80, function(){
      console.log('CORS-enabled web server listening on port 80');
    });

    Configuring CORS

    var express = require('express')
      , cors = require('cors')
      , app = express();
     
    var corsOptions = {
      origin: 'http://example.com'
    };
     
    app.get('/products/:id', cors(corsOptions), function(req, res, next){
      res.json({msg: 'This is CORS-enabled for only example.com.'});
    });
     
    app.listen(80, function(){
      console.log('CORS-enabled web server listening on port 80');
    });

    Configuring CORS Asynchronously

    var express = require('express')
      , cors = require('cors')
      , app = express();
     
    var whitelist = ['http://example1.com', 'http://example2.com'];
    var corsOptionsDelegate = function(req, callback){
      var corsOptions;
      if(whitelist.indexOf(req.header('Origin')) !== -1){
        corsOptions = { origin: true }; // reflect (enable) the requested origin in the CORS response
      }else{
        corsOptions = { origin: false }; // disable CORS for this request
      }
      callback(null, corsOptions); // callback expects two parameters: error and options
    };
     
    app.get('/products/:id', cors(corsOptionsDelegate), function(req, res, next){
      res.json({msg: 'This is CORS-enabled for a whitelisted domain.'});
    });
     
    app.listen(80, function(){
      console.log('CORS-enabled web server listening on port 80');
    });

    Options

    For details on the effect of each CORS header, read this article on HTML5 Rocks.

    • options.origin: Configures the Access-Control-Allow-Origin CORS header. Expects a string (ex: "http://example.com"). Set to true to reflect the request origin, as defined by req.header('Origin'). Set to false to disable CORS.
    • options.methods: Configures the Access-Control-Allow-Methods CORS header. Expects a comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: ['GET', 'PUT', 'POST']).
    • options.headers: Configures the Access-Control-Allow-Headers CORS header. Expects a comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex: ['Content-Type', 'Authorization]). If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header.
    • options.credentials: Configures the Access-Control-Allow-Credentials CORS header. Set to true to pass the header, otherwise it is omitted.
    • options.maxAge: Configures the Access-Control-Allow-Max-Age CORS header. Set to an integer to pass the header, otherwise it is omitted.
    • options.enablePreflight: By default, a request that runs through this middleware with a method of OPTIONS will short-circuit with a 204 response to the client after the CORS headers have been written. Set this option to false to disable this feature.

    License

    MIT License

    Author

    Troy Goode (troygoode@gmail.com)

    Install

    npm i cors@0.0.1

    Version

    0.0.1

    License

    MIT

    Last publish

    Collaborators

    • dougwilson
    • troygoode