Awesome
@koa/cors
Cross-Origin Resource Sharing(CORS) for koa
Installation
$ npm install @koa/cors --save
Quick start
Enable cors with default options:
- origin:
*
(v4 and before: the request's Origin header). This means that by default the requests from all origin webpages will be allowed. If you're running a generic API server, this is what you want, but otherwise you should look into changing the default to something more suitable to your application. - allowMethods: GET,HEAD,PUT,POST,DELETE,PATCH
const Koa = require('koa');
const cors = require('@koa/cors');
const app = new Koa();
app.use(cors());
cors(options)
/**
* CORS middleware
*
* @param {Object} [options]
* - {String|Function(ctx)} origin `Access-Control-Allow-Origin`, default is '*'
* If `credentials` set and return `true, the `origin` default value will set to the request `Origin` header
* - {String|Array} allowMethods `Access-Control-Allow-Methods`, default is 'GET,HEAD,PUT,POST,DELETE,PATCH'
* - {String|Array} exposeHeaders `Access-Control-Expose-Headers`
* - {String|Array} allowHeaders `Access-Control-Allow-Headers`
* - {String|Number} maxAge `Access-Control-Max-Age` in seconds
* - {Boolean|Function(ctx)} credentials `Access-Control-Allow-Credentials`, default is false.
* - {Boolean} keepHeadersOnError Add set headers to `err.header` if an error is thrown
* - {Boolean} secureContext `Cross-Origin-Opener-Policy` & `Cross-Origin-Embedder-Policy` headers.', default is false
* - {Boolean} privateNetworkAccess handle `Access-Control-Request-Private-Network` request by return `Access-Control-Allow-Private-Network`, default to false
* @return {Function} cors middleware
* @api public
*/
Breaking change between 4.0 and 5.0
The default origin
is set to *
, if you want to keep the 4.0 behavior, you can set the origin
handler like this:
app.use(cors({
origin(ctx) {
return ctx.get('Origin') || '*';
},
}));
License
<!-- GITCONTRIBUTOR_START -->Contributors
This project follows the git-contributor spec, auto updated at Sat Oct 08 2022 21:35:10 GMT+0800
.