@starefossen/express-cors
Advanced tools
Cross-origin resource sharing headers middleware for Express.js
Smart CORS headers middleware for your Express.js applications.
$ npm install @starefossen/express-cors --save
const cors = require('@starefossen/express-cors');
The simple configuration is controlled by environment variables:
| Variable | Description | Default |
|---|---|---|
CORS_ALLOW_CREDENTIALS | allow-credentials (boolean) | undefined |
CORS_ALLOW_HEADERS | allow-headers header (comma separated string) | Content-Type |
CORS_ALLOW_METHODS | allow-methods header (comma separated string) | GET, OPTIONS |
CORS_ALLOW_ORIGINS | orins whitelist (comma seperated string) | "" |
CORS_DENY_ORIGINS | origins blacklist (comma seperated string) | "" |
CORS_EXPOSE_HEADERS | expose-headers header (comma seperated string) | "" |
CORS_MAX_AGE | max-age header (integer) | 0 |
CORS_REQUIRE_ORIGIN | require origin header from client (boolean) | false |
const cors = require('@starefossen/express-cors');
app.use(cors.middleware);
The advanced configuration takes in a configuration object. All values defaults to their environment conunterpart as statated in the simple configuration.
const cors = require('@starefossen/express-cors');
app.use(cors({
allowCredentials: false,
allowHeaders: 'Content-Type',
allowMethods: 'GET, OPTIONS',
allowOrigins: 'foo.com,bar.com',
denyOrigins: 'example.com',
exposeHeaders: 'x-request-time',
maxAge: 133734,
requireOrigin: true,
});
If you want to allow local development domains like localhost or file:// you
can add the following to your CORS_ALLOW_ORIGINS environment variable:
CORS_ALLOW_ORIGINS='localhost,null'
FAQs
Cross-origin resource sharing headers middleware for Express.js
We found that @starefossen/express-cors demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A critical vm2 sandbox escape can allow untrusted JavaScript to break isolation and execute commands on the host Node.js process.
Research
Five malicious NuGet packages impersonate Chinese .NET libraries to deploy a stealer targeting browser credentials, crypto wallets, SSH keys, and local files.
Security News
pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.