CORS middleware implementation with emphasis on configurability of dynamic origins.
npm i -S universal-cors
import express from 'express'
import cors, { origins } from 'universal-cors'
const app = express()
/** cors middleware to accept any pattern matching example.com subdomains */
app.use(cors({ patterns: [ /^https:\/\/.*\.example\.com/ ]}))
/** ROUTERS GO HERE */cors default export - middleware for auto handling preflight responses, testing dynamic origins, and attaching cors response headers when valid request occurs
cors([opts: Object]): function(req, res, next)opts
| name | type | default | description |
|---|---|---|---|
patterns |
`string | RegExp | Array<string |
preflight |
function(req): responseHeaders |
(req) => {} |
issues preflight responses for OPTIONS method requests and returns specified headers |
tracing |
boolean |
false |
toggles tracing for debugging purposes |
logger |
Object |
console |
the logger object to trace to |
loglevel |
string |
'info' |
the log level to use when tracing (error, warn, info, trace) |
An example of what you might set for preflight:
const preflight = req => {
return { 'Access-Control-Allow-Origin': req.headers.origin
, 'Access-Control-Max-Age': 604800 // Specifies how long the preflight response can be cached in seconds
, 'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE'
, 'Access-Control-Allow-Headers': 'Content-Type, Authorization'
, 'Access-Control-Allow-Credentials': true
}
}origins export - granular origin testing functionality
origins([opts: Object]): { isOk: function(domain: string): boolean }opts
| name | type | default | description |
|---|---|---|---|
patterns |
`string | RegExp | Array<string |
tracing |
boolean |
false |
toggles tracing for debugging purposes |
logger |
Object |
console |
the logger object to trace to |
loglevel |
string |
'info' |
the log level to use when tracing (error, warn, info, trace) |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent