0.2.8 • Published 7 years ago

universal-cors v0.2.8

Weekly downloads
2
License
MIT
Repository
github
Last release
7 years ago

universal-cors

CORS middleware implementation with emphasis on configurability of dynamic origins.

Build Status codecov

NPM

Install

npm i -S universal-cors

How to use

import express from 'express'
import cors, { origins } from 'universal-cors'


const app = express()

/** cors middleware to accept any pattern matching example.com subdomains */
app.use(cors({ patterns: [ /^https:\/\/.*\.example\.com/ ]}))

/** ROUTERS GO HERE */

Documentation

cors default export - middleware for auto handling preflight responses, testing dynamic origins, and attaching cors response headers when valid request occurs

cors([opts: Object]): function(req, res, next)

opts

nametypedefaultdescription
patternsstring|RegExp|Array<string|RegExp>requiredthe pattern(s) to test for cors origins, if pattern matches, the response will get valid cors response headers.
preflightfunction(req): responseHeaders(req) => {}issues preflight responses for OPTIONS method requests and returns specified headers
tracingbooleanfalsetoggles tracing for debugging purposes
loggerObjectconsolethe logger object to trace to
loglevelstring'info'the log level to use when tracing (error, warn, info, trace)

An example of what you might set for preflight:

const preflight = req => {
  return  { 'Access-Control-Allow-Origin': req.headers.origin
          , 'Access-Control-Max-Age': 604800 // Specifies how long the preflight response can be cached in seconds
          , 'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE'
          , 'Access-Control-Allow-Headers': 'Content-Type, Authorization'
          , 'Access-Control-Allow-Credentials': true
          }
}

origins export - granular origin testing functionality

origins([opts: Object]): { isOk: function(domain: string): boolean }

opts

nametypedefaultdescription
patternsstring|RegExp|Array<string|RegExp>requiredthe pattern(s) to test for cors origins, if pattern matches, the response will get valid cors response headers.
tracingbooleanfalsetoggles tracing for debugging purposes
loggerObjectconsolethe logger object to trace to
loglevelstring'info'the log level to use when tracing (error, warn, info, trace)
corscrossoriginresourcesharingdynamicorigins
chai
@everything-registry/sub-chunk-3015
0.2.8

7 years ago

0.2.7

7 years ago

0.2.6

8 years ago

0.2.5

8 years ago

0.2.4

8 years ago

0.2.3

8 years ago

0.2.2

8 years ago

0.2.1

8 years ago