0.2.8 • Published 7 years ago
universal-cors v0.2.8
universal-cors
CORS middleware implementation with emphasis on configurability of dynamic origins.
Install
npm i -S universal-cors
How to use
import express from 'express'
import cors, { origins } from 'universal-cors'
const app = express()
/** cors middleware to accept any pattern matching example.com subdomains */
app.use(cors({ patterns: [ /^https:\/\/.*\.example\.com/ ]}))
/** ROUTERS GO HERE */
Documentation
cors default export - middleware for auto handling preflight responses, testing dynamic origins, and attaching cors response headers when valid request occurs
cors([opts: Object]): function(req, res, next)
opts
name | type | default | description |
---|---|---|---|
patterns | string|RegExp|Array<string|RegExp> | required | the pattern(s) to test for cors origins, if pattern matches, the response will get valid cors response headers. |
preflight | function(req): responseHeaders | (req) => {} | issues preflight responses for OPTIONS method requests and returns specified headers |
tracing | boolean | false | toggles tracing for debugging purposes |
logger | Object | console | the logger object to trace to |
loglevel | string | 'info' | the log level to use when tracing (error , warn , info , trace ) |
An example of what you might set for preflight:
const preflight = req => {
return { 'Access-Control-Allow-Origin': req.headers.origin
, 'Access-Control-Max-Age': 604800 // Specifies how long the preflight response can be cached in seconds
, 'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE'
, 'Access-Control-Allow-Headers': 'Content-Type, Authorization'
, 'Access-Control-Allow-Credentials': true
}
}
origins export - granular origin testing functionality
origins([opts: Object]): { isOk: function(domain: string): boolean }
opts
name | type | default | description |
---|---|---|---|
patterns | string|RegExp|Array<string|RegExp> | required | the pattern(s) to test for cors origins, if pattern matches, the response will get valid cors response headers. |
tracing | boolean | false | toggles tracing for debugging purposes |
logger | Object | console | the logger object to trace to |
loglevel | string | 'info' | the log level to use when tracing (error , warn , info , trace ) |