Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
egg-cors
Advanced tools
Changelog
3.0.0 (2023-12-11)
fixes
7990aa7
] - fix: use new URL instead of url.parse (#22) (Yiyu He <dead_horse@qq.com>)fixes
74e8c26
] - fix: should also check origin with port (#21) (Yelmor <yelmor@outlook.com>)others
53ffc7e
] - chore: update travis (TZ | 天猪 <atian25@qq.com>)fixes
499c2b1
] - fix: second-level domain and port support misjudgement (#20) (Khaidi Chu <i@2333.moe>)features
30a1b8c
] - feat: use koa/cors@3, support options.origin to be async function (#19) (Yiyu He <dead_horse@qq.com>)others
ff8b7da
] - chore(typings): add interface Config['cors'] (#12) (waiting <waiting@xiaozhong.biz>)others
120639f
] - refactor: use async function and support egg@2 (#9) (Yiyu He <dead_horse@qq.com>)Readme
CORS plugin for egg, based on @koa/cors.
$ npm i egg-cors --save
// {app_root}/config/plugin.js
exports.cors = {
enable: true,
package: 'egg-cors',
};
egg-cors
works internally with egg-security. By defining the property of domainWhiteList
on object security
, you have successfully informed the framework to whitelist the passed domains.
When you make a request from client side, egg should return an Access-Control-Allow-Origin
response header with the domain that you passed in along with the payload and status code 200.
exports.security = {
domainWhiteList: [ 'http://localhost:4200' ],
};
Support all configurations in @koa/cors.
// {app_root}/config/config.default.js
exports.cors = {
// {string|Function} origin: '*',
// {string|Array} allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH'
};
If the origin
is set, the plugin will follow it to set the Access-Control-Allow-Origin
and ignore the security.domainWhiteList
. Otherwise, the security.domainWhiteList
which is default will take effect as described above.
Only in safe domain list support CORS when security plugin enabled.
Please open an issue here.
atian25 | dead-horse | fengmk2 | brickyang | sinchang | XadillaX |
---|---|---|---|---|---|
mattma | SoraYama | Yelmor | angela-1 | waitingsong |
This project follows the git-contributor spec, auto updated at Mon Dec 11 2023 13:25:00 GMT+0800
.
FAQs
cors plugin for egg
The npm package egg-cors receives a total of 8,930 weekly downloads. As such, egg-cors popularity was classified as popular.
We found that egg-cors demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.