Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

github.com/captncraig/cors

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/captncraig/cors

  • v0.0.0-20190703115713-e80254a89df1
  • Source
  • Go
  • Socket score
Version published
Created
Source

cors gives you easy control over Cross Origin Resource Sharing for your site.

It allows you to whitelist particular domains per route, or to simply allow all domains * If desired you may customize nearly every aspect of the specification.

Syntax

cors [path] [domains...] {
	origin            [origin]
	origin_regexp     [regexp]
	methods           [methods]
	allow_credentials [allowCredentials]
	max_age           [maxAge]
	allowed_headers   [allowedHeaders]
	exposed_headers   [exposedHeaders]
}
  • path is the file or directory this applies to (default is /).
  • domains is a space-seperated list of domains to allow. If ommitted, all domains will be granted access.
  • origin is a domain to grant access to. May be specified multiple times or ommitted.
  • origin_regexp is a regexp that will be matched to the Origin header. Access will be granted accordingly. It can be used in conjonction with the origin config (executed as a fallback to origin). May be specified multiple times or ommitted.
  • methods is set of http methods to allow. Default is these: POST,GET,OPTIONS,PUT,DELETE.
  • allow_credentials sets the value of the Access-Control-Allow-Credentials header. Can be true or false. By default, header will not be included.
  • max_age is the length of time in seconds to cache preflight info. Not set by default.
  • allowed_headers is a comma-seperated list of request headers a client may send.
  • exposed_headers is a comma-seperated list of response headers a client may access.

Examples

Simply allow all domains to request any path:

cors

Protect specific paths only, and only allow a few domains:

cors /foo http://mysite.com http://anothertrustedsite.com

Full configuration:

cors / {
  origin            http://allowedSite.com
  origin            http://anotherSite.org https://anotherSite.org
  origin_regexp     .+\.example\.com$
  methods           POST,PUT
  allow_credentials false
  max_age           3600
  allowed_headers   X-Custom-Header,X-Foobar
  exposed_headers   X-Something-Special,SomethingElse
}

FAQs

Package last updated on 03 Jul 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

Security News

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.

By Sarah Gooding  -  Nov 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc