2.0.0 • Published 7 years ago
@altrdpdgm/cors v2.0.0
@altrdpdgm/cors
Tiny Express middleware for facilitating CORS requests.
API Reference
Method | Description |
---|---|
setOriginList | takes an Array of origins to allow CORS requests from. |
getOriginList | returns the current list of allowed origins. |
handleCORS | Express middleware function. Handles pre-flight requests; sets user-defined or default response headers. |
Implementation Reference
Function | Description |
---|---|
validateOrigin | Determines whether the origin making the request is allowed by checking for the origin in the internal __originList via Array.prototype.includes . |
isPreFlight | Determines whether a request is a pre-flight request; checks for OPTIONS method, Access-Control-Request-Method header and the origin of the request. |
Default Configuration
If no user-defined response headers are found in the headers
property of the options object (detailed below) when the @altrdpdgm/cors module is instantiated, the following response headers will be set automatically:
{
"Access-Control-Allow-Origin": validateOrigin(req.headers["origin"]),
"Access-Control-Allow-Headers": "Content-Type, Authorization",
"Access-Control-Allow-Methods": "DELETE"
}
The response header object takes any options that can be set on the response using the Express res.set method
Installation
$npm install @altrdpdgm/cors
Example Instantiation
const express = require("express");
const app = express();
const CORSModule = require("@altrdpdgm/altrd-cors")({options}) //<= set custom response headers in a configuration object on a `headers` property.
CORSModule.setOriginList(["http://localhost:3000", "http://10.0.18.108", "http://0.0.0.0"]);
//Configure the Express application to use the CORSModule on all incoming requests.
app.use(CORSModule.handleCORS)
2.0.0
7 years ago