@types/cors

What is @types/cors?

The @types/cors package provides TypeScript type definitions for the cors middleware used in Express/Connect applications. It allows TypeScript developers to use cors in their projects with the benefits of type checking and IntelliSense in their IDE. This package does not contain functionality by itself but offers type definitions to enhance development experience when using the cors package.

What are @types/cors's main functionalities?

CORS Configuration

This code sample demonstrates how to configure CORS policy for an Express application. It specifies that only requests from 'http://example.com' are allowed and sets a successful status code for preflight requests.

{ "origin": "http://example.com", "optionsSuccessStatus": 200 }

Enabling CORS for a Single Route

This example shows how to enable CORS for a specific route in an Express application. It uses the cors middleware directly in the route definition.

app.get('/products/:id', cors(), function (req, res, next) { res.json({msg: 'This is CORS-enabled for a Single Route'}); })

Other packages similar to @types/cors

helmet

Helmet is a middleware for Express applications that helps secure your apps by setting various HTTP headers, not directly related to CORS but contributes to overall security. Unlike @types/cors, which provides type definitions for CORS configuration, Helmet focuses on a broader range of security features.

express-rate-limit

Express-rate-limit is a middleware to help protect your app from brute-force attacks, which is different from what @types/cors offers. While @types/cors focuses on type definitions for handling cross-origin requests, express-rate-limit provides functionality to limit repeated requests to public APIs and endpoints.

README

Installation

npm install --save @types/cors

Summary

This package contains type definitions for cors (https://github.com/expressjs/cors/).

Details

Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cors.

index.d.ts

/// <reference types="node" />

import { IncomingHttpHeaders } from "http";

type StaticOrigin = boolean | string | RegExp | Array<boolean | string | RegExp>;

type CustomOrigin = (
    requestOrigin: string | undefined,
    callback: (err: Error | null, origin?: StaticOrigin) => void,
) => void;

declare namespace e {
    interface CorsRequest {
        method?: string | undefined;
        headers: IncomingHttpHeaders;
    }
    interface CorsOptions {
        /**
         * @default '*'
         */
        origin?: StaticOrigin | CustomOrigin | undefined;
        /**
         * @default 'GET,HEAD,PUT,PATCH,POST,DELETE'
         */
        methods?: string | string[] | undefined;
        allowedHeaders?: string | string[] | undefined;
        exposedHeaders?: string | string[] | undefined;
        credentials?: boolean | undefined;
        maxAge?: number | undefined;
        /**
         * @default false
         */
        preflightContinue?: boolean | undefined;
        /**
         * @default 204
         */
        optionsSuccessStatus?: number | undefined;
    }
    type CorsOptionsDelegate<T extends CorsRequest = CorsRequest> = (
        req: T,
        callback: (err: Error | null, options?: CorsOptions) => void,
    ) => void;
}

declare function e<T extends e.CorsRequest = e.CorsRequest>(
    options?: e.CorsOptions | e.CorsOptionsDelegate<T>,
): (
    req: T,
    res: {
        statusCode?: number | undefined;
        setHeader(key: string, value: string): any;
        end(): any;
    },
    next: (err?: any) => any,
) => void;
export = e;

Additional Details

• Last updated: Sat, 07 Jun 2025 02:15:25 GMT
• Dependencies: @types/node

Credits

These definitions were written by Alan Plum, Gaurav Sharma, and Sebastian Beltran.