Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
By Sarah Gooding - Jan 28, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
github.com/captncraig/cors
- Version published
- Created
cors gives you easy control over Cross Origin Resource Sharing for your site.
It allows you to whitelist particular domains per route, or to simply allow all domains * If desired you may customize nearly every aspect of the specification.
Syntax
cors [path] [domains...] {
origin [origin]
origin_regexp [regexp]
methods [methods]
allow_credentials [allowCredentials]
max_age [maxAge]
allowed_headers [allowedHeaders]
exposed_headers [exposedHeaders]
}
- path is the file or directory this applies to (default is /).
- domains is a space-seperated list of domains to allow. If ommitted, all domains will be granted access.
- origin is a domain to grant access to. May be specified multiple times or ommitted.
- origin_regexp is a regexp that will be matched to the
Originheader. Access will be granted accordingly. It can be used in conjonction with theoriginconfig (executed as a fallback toorigin). May be specified multiple times or ommitted. - methods is set of http methods to allow. Default is these: POST,GET,OPTIONS,PUT,DELETE.
- allow_credentials sets the value of the Access-Control-Allow-Credentials header. Can be true or false. By default, header will not be included.
- max_age is the length of time in seconds to cache preflight info. Not set by default.
- allowed_headers is a comma-seperated list of request headers a client may send.
- exposed_headers is a comma-seperated list of response headers a client may access.
Examples
Simply allow all domains to request any path:
cors
Protect specific paths only, and only allow a few domains:
cors /foo http://mysite.com http://anothertrustedsite.com
Full configuration:
cors / {
origin http://allowedSite.com
origin http://anotherSite.org https://anotherSite.org
origin_regexp .+\.example\.com$
methods POST,PUT
allow_credentials false
max_age 3600
allowed_headers X-Custom-Header,X-Foobar
exposed_headers X-Something-Special,SomethingElse
}
FAQs
Unknown package
Package last updated on 03 Jul 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
By Sarah Gooding - Jan 24, 2025
Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
By Sarah Gooding - Jan 24, 2025