control-access

Easy CORS handling

Install

$ npm install control-access

Usage

const controlAccess = require('control-access');

module.exports = (req, res) => {
	controlAccess()(req, res);
	res.end('unicorns');
};

API

controlAccess([options])(request, response)

options

Type: Object

allowCredentials

Type: boolean

Access-Control-Allow-Credentials indicates whether or not the response to the request can be exposed when the credentials flag is true.

Can be set globally with the ACCESS_ALLOW_CREDENTIALS environment variable. Possible values are 1 and 0.

allowHeaders

Type: Array string

Access-Control-Allow-Headers is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.

Can be set globally with the ACCESS_ALLOW_HEADERS environment variable using a comma delimited string.

allowMethods

Type: Array string

Access-Control-Allow-Methods specifies the method or methods allowed when accessing the resource.

Can be set globally with the ACCESS_ALLOW_METHODS environment variable using a comma delimited string.

allowOrigin

Type: string

Access-Control-Allow-Origin specifies a URI that may access the resource.

Can be set globally with the ACCESS_ALLOW_ORIGIN environment variable.

exposeHeaders

Type: Array string

Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response.

Can be set globally with the ACCESS_EXPOSE_HEADERS environment variable using a comma delimited string.

maxAge

Type: number

Access-Control-Max-Age indicates how long the results of a preflight request can be cached.

Can be set globally with the ACCESS_MAX_AGE environment variable.

request

Type: http.IncomingMessage

Incoming HTTP request.

response

Type: http.ServerResponse

Response object.

Related

• micro-access - Easy CORS handling for micro

License

MIT © Kevin Mårtensson