https://github.com/koajs/cors

Cross-Origin Resource Sharing(CORS) for koa
https://github.com/koajs/cors

Last synced: 4 months ago
JSON representation

Cross-Origin Resource Sharing(CORS) for koa

• Host: GitHub
• URL: https://github.com/koajs/cors
• Owner: koajs
• License: other
• Created: 2015-02-09T05:34:31.000Z (over 9 years ago)
• Default Branch: master
• Last Pushed: 2024-03-02T23:01:34.000Z (4 months ago)
• Last Synced: 2024-03-08T17:10:52.323Z (4 months ago)
• Language: JavaScript
• Homepage:
• Size: 115 KB
• Stars: 725
• Watchers: 15
• Forks: 76
• Open Issues: 22
• Metadata Files:
  • Readme: README.md
  • Changelog: History.md
  • License: LICENSE

Lists

• think-awesome - kcors - ci.org/koajs/cors.svg) |  | CORS middleware | (Koa Middlewares)
• awesome-koa - cors - Cross-Origin Resource Sharing(CORS) for koa (Middleware)
• awesome-stars - cors - Cross-Origin Resource Sharing(CORS) for koa (JavaScript)
• awesome-koa - @koa/cors - 跨域资源共享（CORS）for koa.   (仓库 / 中间件)

README

        
# @koa/cors

[![NPM version][npm-image]][npm-url]

[![Node.js CI](https://github.com/koajs/cors/actions/workflows/nodejs.yml/badge.svg)](https://github.com/koajs/cors/actions/workflows/nodejs.yml)

[![Test coverage][codecov-image]][codecov-url]

[![npm download][download-image]][download-url]

[npm-image]: https://img.shields.io/npm/v/@koa/cors.svg?style=flat-square

[npm-url]: https://npmjs.org/package/@koa/cors

[codecov-image]: https://codecov.io/github/koajs/cors/coverage.svg?branch=v2.x

[codecov-url]: https://codecov.io/github/koajs/cors?branch=v2.x

[download-image]: https://img.shields.io/npm/dm/@koa/cors.svg?style=flat-square

[download-url]: https://npmjs.org/package/@koa/cors

[Cross-Origin Resource Sharing(CORS)](https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS) for koa

## Installation

```bash

$ npm install @koa/cors --save

```

## Quick start

Enable cors with default options:

- origin: `*` (v4 and before: the request's Origin header). This means that **by default the requests from all origin webpages will be allowed**.

  If you're running a generic API server, this is what you want, but otherwise you should look into changing the default to something more

  suitable to your application.

- allowMethods: GET,HEAD,PUT,POST,DELETE,PATCH

```js

const Koa = require('koa');

const cors = require('@koa/cors');

const app = new Koa();

app.use(cors());

```

## cors(options)

```js

/**

 * CORS middleware

 *

 * @param {Object} [options]

 *  - {String|Function(ctx)} origin `Access-Control-Allow-Origin`, default is '*'

 *    If `credentials` set and return `true, the `origin` default value will set to the request `Origin` header

 *  - {String|Array} allowMethods `Access-Control-Allow-Methods`, default is 'GET,HEAD,PUT,POST,DELETE,PATCH'

 *  - {String|Array} exposeHeaders `Access-Control-Expose-Headers`

 *  - {String|Array} allowHeaders `Access-Control-Allow-Headers`

 *  - {String|Number} maxAge `Access-Control-Max-Age` in seconds

 *  - {Boolean|Function(ctx)} credentials `Access-Control-Allow-Credentials`, default is false.

 *  - {Boolean} keepHeadersOnError Add set headers to `err.header` if an error is thrown

 *  - {Boolean} secureContext `Cross-Origin-Opener-Policy` & `Cross-Origin-Embedder-Policy` headers.', default is false

 *  - {Boolean} privateNetworkAccess handle `Access-Control-Request-Private-Network` request by return `Access-Control-Allow-Private-Network`, default to false

 * @return {Function} cors middleware

 * @api public

 */

```

## Breaking change between 4.0 and 5.0

The default `origin` is set to `*`, if you want to keep the 4.0 behavior, you can set the `origin` handler like this:

```js

app.use(cors({

  origin(ctx) {

    return ctx.get('Origin') || '*';

  },

}));

```

## License

[MIT](./LICENSE)

## Contributors

|[
fengmk2](https://github.com/fengmk2)
|[
dead-horse](https://github.com/dead-horse)
|[
omsmith](https://github.com/omsmith)
|[
jonathanong](https://github.com/jonathanong)
|[
AlphaWong](https://github.com/AlphaWong)
|[
cma-skedulo](https://github.com/cma-skedulo)
|

| :---: | :---: | :---: | :---: | :---: | :---: |

|[
CleberRossi](https://github.com/CleberRossi)
|[
erikfried](https://github.com/erikfried)
|[
j-waaang](https://github.com/j-waaang)
|[
ltomes](https://github.com/ltomes)
|[
lfreneda](https://github.com/lfreneda)
|[
matthewmueller](https://github.com/matthewmueller)
|

[
PlasmaPower](https://github.com/PlasmaPower)
|[
swain](https://github.com/swain)
|[
TyrealHu](https://github.com/TyrealHu)
|[
xg-wang](https://github.com/xg-wang)
|[
lishengzxc](https://github.com/lishengzxc)
|[
mcohen75](https://github.com/mcohen75)


This project follows the git-contributor [spec](https://github.com/xudafeng/git-contributor), auto updated at `Sat Oct 08 2022 21:35:10 GMT+0800`.