Skip to content

Latest commit

 

History

History
89 lines (67 loc) · 5.6 KB

README.md

File metadata and controls

89 lines (67 loc) · 5.6 KB

@koa/cors

NPM version Node.js CI Test coverage npm download

Cross-Origin Resource Sharing(CORS) for koa

Installation

$ npm install @koa/cors --save

Quick start

Enable cors with default options:

  • origin: * (v4 and before: the request's Origin header). This means that by default the requests from all origin webpages will be allowed. If you're running a generic API server, this is what you want, but otherwise you should look into changing the default to something more suitable to your application.
  • allowMethods: GET,HEAD,PUT,POST,DELETE,PATCH
const Koa = require('koa');
const cors = require('@koa/cors');

const app = new Koa();
app.use(cors());

cors(options)

/**
 * CORS middleware
 *
 * @param {Object} [options]
 *  - {String|Function(ctx)} origin `Access-Control-Allow-Origin`, default is '*'
 *    If `credentials` set and return `true, the `origin` default value will set to the request `Origin` header
 *  - {String|Array} allowMethods `Access-Control-Allow-Methods`, default is 'GET,HEAD,PUT,POST,DELETE,PATCH'
 *  - {String|Array} exposeHeaders `Access-Control-Expose-Headers`
 *  - {String|Array} allowHeaders `Access-Control-Allow-Headers`
 *  - {String|Number} maxAge `Access-Control-Max-Age` in seconds
 *  - {Boolean|Function(ctx)} credentials `Access-Control-Allow-Credentials`, default is false.
 *  - {Boolean} keepHeadersOnError Add set headers to `err.header` if an error is thrown
 *  - {Boolean} secureContext `Cross-Origin-Opener-Policy` & `Cross-Origin-Embedder-Policy` headers.', default is false
 *  - {Boolean} privateNetworkAccess handle `Access-Control-Request-Private-Network` request by return `Access-Control-Allow-Private-Network`, default to false
 * @return {Function} cors middleware
 * @api public
 */

Breaking change between 4.0 and 5.0

The default origin is set to *, if you want to keep the 4.0 behavior, you can set the origin handler like this:

app.use(cors({
  origin(ctx) {
    return ctx.get('Origin') || '*';
  },
}));

License

MIT

Contributors


fengmk2


dead-horse


omsmith


jonathanong


AlphaWong


cma-skedulo


CleberRossi


erikfried


j-waaang


ltomes


lfreneda


matthewmueller


PlasmaPower


swain


TyrealHu


xg-wang


lishengzxc


mcohen75

This project follows the git-contributor spec, auto updated at Sat Oct 08 2022 21:35:10 GMT+0800.