cors-helper
v1.0.8
Published
Simple pattern matching helper for allowing/blocking certain domains to support dynamic CORS validation in a NodeJS application
Downloads
12
Readme
Cors Helper
This piece of ExpressJs middleware exists to make it easier to configure CORS settings in a NodeJs app with either a list of blocked or allowed IPs/URLs/Domains.
Installation
npm install cors-helper
Usage
A somewhat standard Express app would setup some key pieces of middleware (body-parser, compression, helmet, etc), but rather than using cors middleware out-of-the-box (by default cors()
will allow everything!), instead you can pass it a function to dynamically handle origins. This cors-helper
package provides you two factory functions that will create that function for you (depending on whether you want to block or allow certain IPs/URLs/Domains).
const cors = require('cors')
const helmet = require('helmet')
const express = require('express')
const bodyParser = require('body-parser')
const compression = require('compression')
const { createBlockedListMiddleware } = require('cors-helper')
// An array of strings representing all the sites you DON'T want to allow
const listOfBadSites = require('./block_these_ips_and_domains.json')
const corsOptions = createBlockedListMiddleware(listOfBadSites)
const port = process.env.PORT || 5000
express()
.use(bodyParser.json({ limit: '4mb' }))
.use(bodyParser.urlencoded({ extended: true }))
.use(compression)
.use(cors(corsOptions))
.use(helmet)
.listen(port, () => console.log(`app is now listening on port ${port}`))
API
This package exports two named factory functions that take a list of IPs, URLs, and/or Domains that you will be able to allow or block when your cors
middleware is set up.
allowCrossDomainMiddleware
- A common piece of middleware that is used (mostly) for local development to completely turn off cors validation by setting certain headers (not typically used in production)createBlockedListMiddleware
- A function that takes anArray
of (String
) values that represent the IPs, URLs, and/or Domains to reject (everything else will be allowed)createAllowedListMiddleware
- A function that takes anArray
of (String
) values that represent the IPs, URLs, and/or Domains to allow (everything else will be rejected)