CORS middleware implementation with emphasis on configurability of dynamic origins.
npm i -S universal-cors
import express from 'express'
import cors, { origins } from 'universal-cors'
const app = express()
/** cors middleware to accept any pattern matching example.com subdomains */
app.use(cors({ patterns: [ /^https:\/\/.*\.example\.com/ ]}))
/** ROUTERS GO HERE */
cors default export - middleware for auto handling preflight responses, testing dynamic origins, and attaching cors response headers when valid request occurs
cors([opts: Object]): function(req, res, next)
opts
name | type | default | description |
---|---|---|---|
patterns |
`string | RegExp | Array<string |
preflight |
function(req): responseHeaders |
(req) => {} |
issues preflight responses for OPTIONS method requests and returns specified headers |
tracing |
boolean |
false |
toggles tracing for debugging purposes |
logger |
Object |
console |
the logger object to trace to |
loglevel |
string |
'info' |
the log level to use when tracing (error , warn , info , trace ) |
An example of what you might set for preflight:
const preflight = req => {
return { 'Access-Control-Allow-Origin': req.headers.origin
, 'Access-Control-Max-Age': 604800 // Specifies how long the preflight response can be cached in seconds
, 'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE'
, 'Access-Control-Allow-Headers': 'Content-Type, Authorization'
, 'Access-Control-Allow-Credentials': true
}
}
origins export - granular origin testing functionality
origins([opts: Object]): { isOk: function(domain: string): boolean }
opts
name | type | default | description |
---|---|---|---|
patterns |
`string | RegExp | Array<string |
tracing |
boolean |
false |
toggles tracing for debugging purposes |
logger |
Object |
console |
the logger object to trace to |
loglevel |
string |
'info' |
the log level to use when tracing (error , warn , info , trace ) |