egg-cors
CORS plugin for egg, based on @koa/cors.
Install
$ npm i egg-cors --save
Usage
// {app_root}/config/plugin.jsexportscors = enable: true package: 'egg-cors';
egg-cors
works internally with egg-security. By defining the property of domainWhiteList
on object security
, you have successfully informed the framework to whitelist the passed domains.
When you make a request from client side, egg should return an Access-Control-Allow-Origin
response header with the domain that you passed in along with the payload and status code 200.
exportssecurity = domainWhiteList: 'http://localhost:4200' ;
Configuration
Support all configurations in @koa/cors.
// {app_root}/config/config.default.jsexportscors = // {string|Function} origin: '*', // {string|Array} allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH';
If the origin
is set, the plugin will follow it to set the Access-Control-Allow-Origin
and ignore the security.domainWhiteList
. Otherwise, the security.domainWhiteList
which is default will take effect as described above.
Security
Only in safe domain list support CORS when security plugin enabled.
Questions & Suggestions
Please open an issue here.