@tinyhttp/cors
v2.0.1
Published
CORS middleware for modern Node.js
Downloads
191,538
Maintainers
Readme
@tinyhttp/cors
A rewrite of expressjs/cors module.
HTTP cors header middleware.
Install
pnpm i @tinyhttp/cors
API
import { cors } from '@tinyhttp/cors'
cors(options)
Returns the CORS middleware with the settings specified in the parameters
Options
origin
: Can be a string defining theAccess-Control-Allow-Origin
value, a boolean which if set to true sets the header to'*'
, a Regex type, an array (for multiple origins) or a function which contains the request and response as parameters and must return the value for theAccess-Control-Allow-Origin
headermethods
: Array of method names which define theAccess-Control-Allow-Methods
header, default to all the most common methods (GET
,HEAD
,PUT
,PATCH
,POST
,DELETE
)allowedHeaders
: Configures theAccess-Control-Allow-Headers
CORS header. Expects an array (ex: ['Content-Type'
,'Authorization'
]).exposedHeaders
: Configures theAccess-Control-Expose-Headers
CORS header. If not specified, no custom headers are exposedcredentials
: Configures theAccess-Control-Allow-Credentials
CORS header. Set to true to pass the header, otherwise it is omitted.maxAge
: Configures theAccess-Control-Max-Age
CORS header. Set to an integer to pass the header, otherwise it is omitted.optionsSuccessStatus
: Provides a status code to use for successful OPTIONS requests, since some legacy browsers (IE11, various SmartTVs) choke on 204.preflightContinue
: Set 204 and finish response iftrue
, callnext
if false.
The default configuration is:
{
"origin": "*",
"methods": ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
"optionsSuccessStatus": 204,
"preflightContinue": false
}
Example
import { App } from '@tinyhttp/app'
import { cors } from '@tinyhttp/cors'
const app = new App()
app
.use(cors({ origin: 'https://myfantastic.site/' }))
.options('*', cors())
.get('/', (req, res) => {
res.send('The headers contained in my response are defined in the cors middleware')
})
.listen(3000)