universal-cors
CORS middleware implementation with emphasis on configurability of dynamic origins.
Install
npm i -S universal-cors
How to use
const app = /** cors middleware to accept any pattern matching example.com subdomains */app /** ROUTERS GO HERE */
Documentation
cors default export - middleware for auto handling preflight responses, testing dynamic origins, and attaching cors response headers when valid request occurs
:
opts
name | type | default | description |
---|---|---|---|
patterns |
string|RegExp|Array<string|RegExp> |
required | the pattern(s) to test for cors origins, if pattern matches, the response will get valid cors response headers. |
preflight |
function(req): responseHeaders |
(req) => {} |
issues preflight responses for OPTIONS method requests and returns specified headers |
tracing |
boolean |
false |
toggles tracing for debugging purposes |
logger |
Object |
console |
the logger object to trace to |
loglevel |
string |
'info' |
the log level to use when tracing (error , warn , info , trace ) |
An example of what you might set for preflight:
const preflight = { return 'Access-Control-Allow-Origin': reqheadersorigin 'Access-Control-Max-Age': 604800 // Specifies how long the preflight response can be cached in seconds 'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE' 'Access-Control-Allow-Headers': 'Content-Type, Authorization' 'Access-Control-Allow-Credentials': true }
origins export - granular origin testing functionality
: : boolean }
opts
name | type | default | description |
---|---|---|---|
patterns |
string|RegExp|Array<string|RegExp> |
required | the pattern(s) to test for cors origins, if pattern matches, the response will get valid cors response headers. |
tracing |
boolean |
false |
toggles tracing for debugging purposes |
logger |
Object |
console |
the logger object to trace to |
loglevel |
string |
'info' |
the log level to use when tracing (error , warn , info , trace ) |