Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/eggjs/egg-cors

CORS plugin for egg
https://github.com/eggjs/egg-cors

cors egg-plugin

Last synced: about 1 month ago
JSON representation

CORS plugin for egg

Awesome Lists containing this project

README

        

# egg-cors

[![NPM version][npm-image]][npm-url]
[![Node.js CI](https://github.com/eggjs/egg-cors/actions/workflows/nodejs.yml/badge.svg)](https://github.com/eggjs/egg-cors/actions/workflows/nodejs.yml)
[![Test coverage][codecov-image]][codecov-url]
[![npm download][download-image]][download-url]

[npm-image]: https://img.shields.io/npm/v/egg-cors.svg?style=flat-square
[npm-url]: https://npmjs.org/package/egg-cors
[codecov-image]: https://codecov.io/github/eggjs/egg-cors/coverage.svg?branch=master
[codecov-url]: https://codecov.io/github/eggjs/egg-cors?branch=master
[download-image]: https://img.shields.io/npm/dm/egg-cors.svg?style=flat-square
[download-url]: https://npmjs.org/package/egg-cors

[CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) plugin for egg, based on [@koa/cors](https://github.com/koajs/cors).

## Install

```bash
$ npm i egg-cors --save
```

## Usage

```js
// {app_root}/config/plugin.js
exports.cors = {
enable: true,
package: 'egg-cors',
};
```

`egg-cors` works internally with [egg-security](https://github.com/eggjs/egg-security). By defining the property of `domainWhiteList` on object `security`, you have successfully informed the framework to whitelist the passed domains.

When you make a request from client side, **egg** should return an `Access-Control-Allow-Origin` response header with the domain that you passed in along with the payload and status code *200*.

```js
exports.security = {
domainWhiteList: [ 'http://localhost:4200' ],
};
```

## Configuration

Support all configurations in [@koa/cors](https://github.com/koajs/cors).

```js
// {app_root}/config/config.default.js
exports.cors = {
// {string|Function} origin: '*',
// {string|Array} allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH'
};
```

If the `origin` is set, the plugin will follow it to set the `Access-Control-Allow-Origin` and ignore the `security.domainWhiteList`. Otherwise, the `security.domainWhiteList` which is default will take effect as described above.

## Security

Only in safe domain list support CORS when security plugin enabled.

## Questions & Suggestions

Please open an issue [here](https://github.com/eggjs/egg/issues).

## License

[MIT](LICENSE)

## Contributors

|[
atian25](https://github.com/atian25)
|[
dead-horse](https://github.com/dead-horse)
|[
fengmk2](https://github.com/fengmk2)
|[
brickyang](https://github.com/brickyang)
|[
sinchang](https://github.com/sinchang)
|[
XadillaX](https://github.com/XadillaX)
|
| :---: | :---: | :---: | :---: | :---: | :---: |
[
mattma](https://github.com/mattma)
|[
SoraYama](https://github.com/SoraYama)
|[
Yelmor](https://github.com/Yelmor)
|[
angela-1](https://github.com/angela-1)
|[
waitingsong](https://github.com/waitingsong)

This project follows the git-contributor [spec](https://github.com/xudafeng/git-contributor), auto updated at `Mon Dec 11 2023 13:25:00 GMT+0800`.