{"id":13507977,"url":"https://github.com/mschae/cors_plug","last_synced_at":"2025-05-15T03:07:46.425Z","repository":{"id":21522919,"uuid":"24842121","full_name":"mschae/cors_plug","owner":"mschae","description":"An Elixir Plug to add CORS.","archived":false,"fork":false,"pushed_at":"2023-11-11T03:06:14.000Z","size":214,"stargazers_count":407,"open_issues_count":10,"forks_count":75,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-05-03T02:11:00.617Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://hex.pm/packages/cors_plug","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mschae.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2014-10-06T10:45:00.000Z","updated_at":"2025-03-27T13:02:10.000Z","dependencies_parsed_at":"2024-01-08T19:22:07.198Z","dependency_job_id":null,"html_url":"https://github.com/mschae/cors_plug","commit_stats":{"total_commits":132,"total_committers":37,"mean_commits":"3.5675675675675675","dds":0.5303030303030303,"last_synced_commit":"b2d6d0f6b7ed40b4e692736010de45b848573215"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mschae%2Fcors_plug","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mschae%2Fcors_plug/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mschae%2Fcors_plug/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mschae%2Fcors_plug/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mschae","download_url":"https://codeload.github.com/mschae/cors_plug/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254044050,"owners_count":22005065,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T02:00:44.838Z","updated_at":"2025-05-15T03:07:41.415Z","avatar_url":"https://github.com/mschae.png","language":"Elixir","funding_links":[],"categories":["Framework Components","Elixir"],"sub_categories":[],"readme":"# CorsPlug\n\n[![CI](https://github.com/mschae/cors_plug/workflows/Tests/badge.svg)](https://github.com/mschae/cors_plug/actions?query=workflow%3ATests)\n[![Module Version](https://img.shields.io/hexpm/v/cors_plug.svg)](https://hex.pm/packages/cors_plug)\n[![Hex Docs](https://img.shields.io/badge/hex-docs-lightgreen.svg)](https://hexdocs.pm/cors_plug/)\n[![Total Download](https://img.shields.io/hexpm/dt/cors_plug.svg)](https://hex.pm/packages/cors_plug)\n[![License](https://img.shields.io/hexpm/l/cors_plug.svg)](https://github.com/mschae/cors_plug/blob/main/LICENSE)\n[![Last Updated](https://img.shields.io/github/last-commit/mschae/cors_plug.svg)](https://github.com/mschae/cors_plug/commits/main)\n\nAn [Elixir Plug](http://github.com/elixir-lang/plug) to add [Cross-Origin Resource Sharing (CORS)](http://www.w3.org/TR/cors/).\n\n## Usage\n\nAdd this plug to your `mix.exs` dependencies:\n\n```elixir\ndef deps do\n  # ...\n  {:cors_plug, \"~\u003e 3.0\"},\n  #...\nend\n```\n\nWhen used together with the awesomeness that's the [Phoenix Framework](http://www.phoenixframework.org/)\nplease note that putting the `CORSPlug` in a pipeline won't work as they are only invoked for\nmatched routes.\n\nI therefore recommend to put it in `lib/your_app/endpoint.ex`:\n\n```elixir\ndefmodule YourApp.Endpoint do\n  use Phoenix.Endpoint, otp_app: :your_app\n\n  # ...\n  plug CORSPlug\n\n  plug YourApp.Router\nend\n```\n\nAlternatively you can add options routes to your scope and `CORSPlug` to your pipeline, as\nsuggested by @leighhalliday\n\n```elixir\npipeline :api do\n  plug CORSPlug\n  # ...\nend\n\nscope \"/api\", PhoenixApp do\n  pipe_through :api\n\n  resources \"/articles\", ArticleController\n  options   \"/articles\", ArticleController, :options\n  options   \"/articles/:id\", ArticleController, :options\nend\n```\n\n## Compatibility\n\nWhenever I get around to, I will bump the plug dependency to the latest version\nof plug. This will ensure compatibility with the latest plug versions.\n\nAs of Elixir and Open Telecom Platform (OTP), my goal is to test against the three most recent versions respectively.\n\n## Configuration\n\nThis plug will return the following headers:\n\nOn preflight (`OPTIONS`) requests:\n\n* Access-Control-Allow-Origin\n* Access-Control-Allow-Credentials\n* Access-Control-Max-Age\n* Access-Control-Allow-Headers\n* Access-Control-Allow-Methods\n\nOn `GET`, `POST`, etc. requests:\n\n* Access-Control-Allow-Origin\n* Access-Control-Expose-Headers\n* Access-Control-Allow-Credentials\n\nYou can configure allowed origins using one of the following methods:\n\n### Using a list\n\n**Lists can now be comprised of strings, regexes or a mix of both:**\n\n```elixir\nplug CORSPlug, origin: [\"http://example1.com\", \"http://example2.com\", ~r/https?.*example\\d?\\.com$/]\n```\n\n### Using a regex\n\n```elixir\nplug CORSPlug, origin: ~r/https?.*example\\d?\\.com$/\n```\n\n\n### Using the config.exs file\n\n```elixir\nconfig :cors_plug,\n  origin: [\"http://example.com\"],\n  max_age: 86400,\n  methods: [\"GET\", \"POST\"]\n```\n\n### Using a `function/0` or `function/1` that returns the allowed origin as a string\n\n**Caveat: Anonymous functions are not possible as they can't be quoted.**\n\n```elixir\nplug CORSPlug, origin: \u0026MyModule.my_fun/0\n\ndef my_fun do\n  [\"http://example.com\"]\nend\n```\n\n```elixir\nplug CORSPlug, origin: \u0026MyModule.my_fun/1\n\ndef my_fun(conn) do\n  # Do something with conn\n\n  [\"http://example.com\"]\nend\n```\n\n### send_preflight_response?\n\nThere may be times when you would like to retain control over the response sent to OPTIONS requests. If you\nwould like CORSPlug to only set headers, then set the `send_preflight_response?` option to false.\n\n```elixir\nplug CORSPlug, send_preflight_response?: false\n\n# or in the app config\n\nconfig :cors_plug,\n  send_preflight_response?: false\n```\n\nPlease note that options passed to the plug overrides app config but app config\noverrides default options.\n\nPlease find the list of current defaults in\n[cors_plug.ex](lib/cors_plug.ex#L5:L26).\n\n**As per the [W3C Recommendation](https://www.w3.org/TR/cors/#access-control-allow-origin-response-header)\nthe string `null` is returned when no configured origin matched the request.**\n\n\n## License\n\nCopyright 2020 Michael Schaefermeyer\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmschae%2Fcors_plug","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmschae%2Fcors_plug","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmschae%2Fcors_plug/lists"}