cors-helper
Advanced tools
Simple pattern matching helper for allowing/blocking certain domains to support dynamic CORS validation in a NodeJS application
This piece of ExpressJs middleware exists to make it easier to configure CORS settings in a NodeJs app with either a list of blocked or allowed IPs/URLs/Domains.
npm install cors-helper
A somewhat standard Express app would setup some key pieces of middleware (body-parser, compression, helmet, etc), but rather than using cors middleware out-of-the-box (by default cors() will allow everything!), instead you can pass it a function to dynamically handle origins. This cors-helper package provides you two factory functions that will create that function for you (depending on whether you want to block or allow certain IPs/URLs/Domains).
const cors = require('cors')
const helmet = require('helmet')
const express = require('express')
const bodyParser = require('body-parser')
const compression = require('compression')
const { createBlockedListMiddleware } = require('cors-helper')
// An array of strings representing all the sites you DON'T want to allow
const listOfBadSites = require('./block_these_ips_and_domains.json')
const corsOptions = createBlockedListMiddleware(listOfBadSites)
const port = process.env.PORT || 5000
express()
.use(bodyParser.json({ limit: '4mb' }))
.use(bodyParser.urlencoded({ extended: true }))
.use(compression)
.use(cors(corsOptions))
.use(helmet)
.listen(port, () => console.log(`app is now listening on port ${port}`))
This package exports two named factory functions that take a list of IPs, URLs, and/or Domains that you will be able to allow or block when your cors middleware is set up.
allowCrossDomainMiddleware - A common piece of middleware that is used (mostly) for local development to completely turn off cors validation by setting certain headers (not typically used in production)createBlockedListMiddleware - A function that takes an Array of (String) values that represent the IPs, URLs, and/or Domains to reject (everything else will be allowed)createAllowedListMiddleware - A function that takes an Array of (String) values that represent the IPs, URLs, and/or Domains to allow (everything else will be rejected)FAQs
Simple pattern matching helper for allowing/blocking certain domains to support dynamic CORS validation in a NodeJS application
We found that cors-helper demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.