AMP CORS Middleware

![npm version](https://badge.fury.io/js/amp-toolbox-cors)

The AMP CORS middleware adds CORS and
AMP CORS headers to all CORS
requests initiated by the AMP runtime. The middleware will only add these headers if the
__amp_source_origin query parameter is present. All other requests remain unchanged.

Installation

Install via:

``sh npm install amp-toolbox-cors --save`

`Usage`

Here is an example using Express:

`js const express = require('express'); const ampCors = require('amp-toolbox-cors');

const app = express();

// That's it! app.use(ampCors()); ...`

Please note that AMP CORS does not depend on Express and is based on Node's HTTP Request and Response objects.

`$3`

You can additionally filter requests by source origin. For example:

`app.use(ampCors({ sourceOriginPattern: /https:\/\/ampbyexample\.com$/ }));`

This will only allow requests with https://ampbyexample.comset as the source origin. Requests from all other origins will receive a403 response,

`$3`

By default, the AMP CORS middleware will only allow requests from AMP Caches listed on https://cdn.ampproject.org/caches.json (with the addition ofbing-amp.com). All other origins will receive a403response. To allow requests from all origins, disable this via theverifyOrigin option:

`app.use(ampCors({ verifyOrigin: false }));`

`$3`

By default, the AMP CORS middleware will allow crendentials mode for AMP CORS requests. To disable this, setallowCredentials to false.

`app.use(ampCors({ allowCredentials: false })); // => will not set "Access-Control-Allow-Credentials", "true"`

`$3`

By default, the AMP CORS middleware will allow redirects via AMP-Redirect-To. To disable this, set enableAmpRedirectTo to false.

`app.use(ampCors({ enableAmpRedirectTo: false })); // => Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin instead of // Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin, AMP-Redirect-To`

`$3`

For debugging requests, you can enable the verbose loggin mode via the verbose option:

`app.use(ampCors({ verbose: false }));`

`Example`

See express.js for a sample implementation. There are two scenarios in which the AMP CORS header will be added:

1. AMP CORS header will be set if the __amp_source_origin query parameter is set together with the AMP-SAME-ORIGIN header:

`$ curl --header "AMP-SAME-ORIGIN: true" -I "http://localhost:3000/items?__amp_source_origin=https://localhost:3000" HTTP/1.1 200 OK X-Powered-By: Express Access-Control-Allow-Origin: https://localhost:3000 Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin AMP-Access-Control-Allow-Source-Origin: https://localhost:3000 Content-Type: application/json; charset=utf-8 ...`

2. AMP CORS header will be set if the __amp_source_origin query parameter is set together with the Origin header:

`$ curl --header "Origin: https://ampbyexample-com.cdn.ampproject.org" -I "http://localhost:3000/items?__amp_source_origin=https://localhost:3000" HTTP/1.1 200 OK X-Powered-By: Express Access-Control-Allow-Origin: https://ampbyexample-com.cdn.ampproject.org Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin AMP-Access-Control-Allow-Source-Origin: https://localhost:3000 Content-Type: application/json; charset=utf-8 ...`

In all other cases, no CORS header will be set.

`$ curl -I localhost:3000/items HTTP/1.1 200 OK X-Powered-By: Express Content-Type: application/json; charset=utf-8 ...``

AMP CORS Middleware

![npm version](https://badge.fury.io/js/amp-toolbox-cors)

Installation

Install via:

``sh npm install amp-toolbox-cors --save`

`Usage`

Here is an example using Express:

`js const express = require('express'); const ampCors = require('amp-toolbox-cors');

const app = express();

// That's it! app.use(ampCors()); ...`

Please note that AMP CORS does not depend on Express and is based on Node's HTTP Request and Response objects.

`$3`

You can additionally filter requests by source origin. For example:

`app.use(ampCors({ sourceOriginPattern: /https:\/\/ampbyexample\.com$/ }));`

This will only allow requests with https://ampbyexample.comset as the source origin. Requests from all other origins will receive a403 response,

`$3`

`app.use(ampCors({ verifyOrigin: false }));`

`$3`

By default, the AMP CORS middleware will allow crendentials mode for AMP CORS requests. To disable this, setallowCredentials to false.

`app.use(ampCors({ allowCredentials: false })); // => will not set "Access-Control-Allow-Credentials", "true"`

`$3`

By default, the AMP CORS middleware will allow redirects via AMP-Redirect-To. To disable this, set enableAmpRedirectTo to false.

`$3`

For debugging requests, you can enable the verbose loggin mode via the verbose option:

`app.use(ampCors({ verbose: false }));`

`Example`

See express.js for a sample implementation. There are two scenarios in which the AMP CORS header will be added:

1. AMP CORS header will be set if the __amp_source_origin query parameter is set together with the AMP-SAME-ORIGIN header:

2. AMP CORS header will be set if the __amp_source_origin query parameter is set together with the Origin header:

In all other cases, no CORS header will be set.

`$ curl -I localhost:3000/items HTTP/1.1 200 OK X-Powered-By: Express Content-Type: application/json; charset=utf-8 ...``

amp-toolbox-cors

AMP CORS Middleware

Installation

Usage

$3

$3

$3

$3

$3

Example

amp-toolbox-cors

AMP CORS Middleware

Installation

Usage

$3

$3

$3

$3

$3

Example

Dist Tags

`Usage`

`$3`

`$3`

`$3`

`$3`

`$3`

`Example`

`Usage`

`$3`

`$3`

`$3`

`$3`

`$3`

`Example`