Tiny Express middleware for facilitating CORS.
npm install @altrdpdgm/cors| Method | Description |
|---| ---|
|setOriginList | takes an Array of origins to allow CORS requests from. |
|getOriginList | returns the current list of allowed origins.|
|handleCORS | Express middleware function. Handles pre-flight requests; sets user-defined or default response headers. |
| Function | Description |
|---|---|
|validateOrigin | Determines whether the origin making the request is allowed by checking for the origin in the internal __originList via Array.prototype.includes. |
|isPreFlight | Determines whether a request is a pre-flight request; checks for OPTIONS method, Access-Control-Request-Method header and the origin of the request. |
If no user-defined response headers are found in the headers property of the options object (detailed below) when the @altrdpdgm/cors module is instantiated, the following response headers will be set automatically:
{
"Access-Control-Allow-Origin": validateOrigin(req.headers["origin"]),
"Access-Control-Allow-Headers": "Content-Type, Authorization",
"Access-Control-Allow-Methods": "DELETE"
}
The response header object takes any options that can be set on the response using the Express res.set method
$npm install @altrdpdgm/cors
javascript
const express = require("express");
const app = express();
const CORSModule = require("@altrdpdgm/altrd-cors")({options}) //<= set custom response headers in a configuration object on a headers property.
CORSModule.setOriginList(["http://localhost:3000", "http://10.0.18.108", "http://0.0.0.0"]);//Configure the Express application to use the CORSModule on all incoming requests.
app.use(CORSModule.handleCORS)
``