@koa/cors

What is @koa/cors?

@koa/cors is a middleware for Koa.js that enables Cross-Origin Resource Sharing (CORS) with various configuration options. It allows you to specify which origins are permitted to access your resources, as well as other CORS-related settings.

What are @koa/cors's main functionalities?

Basic CORS Setup

This code sets up a basic Koa server with CORS enabled for all origins. It uses the @koa/cors middleware without any additional configuration.

const Koa = require('koa');
const cors = require('@koa/cors');
const app = new Koa();
app.use(cors());
app.listen(3000);

Restricting Origins

This code configures the @koa/cors middleware to only allow requests from 'https://example.com'.

const Koa = require('koa');
const cors = require('@koa/cors');
const app = new Koa();
app.use(cors({ origin: 'https://example.com' }));
app.listen(3000);

Configuring Additional CORS Options

This code demonstrates how to configure additional CORS options such as allowed methods, headers, exposed headers, max age, and credentials.

const Koa = require('koa');
const cors = require('@koa/cors');
const app = new Koa();
app.use(cors({
  origin: '*',
  allowMethods: ['GET', 'POST'],
  allowHeaders: ['Content-Type', 'Authorization'],
  exposeHeaders: ['Content-Length', 'Date'],
  maxAge: 3600,
  credentials: true
}));
app.listen(3000);

Other packages similar to @koa/cors

cors

The 'cors' package is a popular middleware for enabling CORS in Express.js applications. It offers similar functionality to @koa/cors but is designed for use with Express.js instead of Koa.js.

fastify-cors

The 'fastify-cors' package is a CORS plugin for Fastify, a fast and low-overhead web framework for Node.js. It provides similar CORS configuration options as @koa/cors but is tailored for Fastify applications.

hapi-cors

The 'hapi-cors' package is a CORS plugin for Hapi.js, a rich framework for building applications and services. It offers similar CORS functionality to @koa/cors but is designed for use with Hapi.js.

README

@koa/cors

Cross-Origin Resource Sharing(CORS) for koa

Installation

$ npm install @koa/cors --save

Quick start

Enable cors with default options:

• origin: request Origin header
• allowMethods: GET,HEAD,PUT,POST,DELETE,PATCH

const Koa = require('koa');
const cors = require('@koa/cors');

const app = new Koa();
app.use(cors());

cors(options)

/**
 * CORS middleware
 *
 * @param {Object} [options]
 *  - {String|Function(ctx)} origin `Access-Control-Allow-Origin`, default is '*'
 *    If `credentials` set and return `true, the `origin` default value will set to the request `Origin` header
 *  - {String|Array} allowMethods `Access-Control-Allow-Methods`, default is 'GET,HEAD,PUT,POST,DELETE,PATCH'
 *  - {String|Array} exposeHeaders `Access-Control-Expose-Headers`
 *  - {String|Array} allowHeaders `Access-Control-Allow-Headers`
 *  - {String|Number} maxAge `Access-Control-Max-Age` in seconds
 *  - {Boolean|Function(ctx)} credentials `Access-Control-Allow-Credentials`, default is false.
 *  - {Boolean} keepHeadersOnError Add set headers to `err.header` if an error is thrown
 *  - {Boolean} secureContext `Cross-Origin-Opener-Policy` & `Cross-Origin-Embedder-Policy` headers.', default is false
 *  - {Boolean} privateNetworkAccess handle `Access-Control-Request-Private-Network` request by return `Access-Control-Allow-Private-Network`, default to false
 * @return {Function} cors middleware
 * @api public
 */

Breaking change between 5.0 and 4.0

The default origin is set to *, if you want to keep the 4.0 behavior, you can set the origin handler like this:

app.use(cors({
  origin(ctx) {
    return ctx.get('Origin') || '*';
  },
}));

License

MIT

Contributors

fengmk2	dead-horse	omsmith	jonathanong	AlphaWong	cma-skedulo
CleberRossi	erikfried	j-waaang	ltomes	lfreneda	matthewmueller
PlasmaPower	swain	TyrealHu	xg-wang	lishengzxc	mcohen75

This project follows the git-contributor spec, auto updated at Sat Oct 08 2022 21:35:10 GMT+0800.