Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/laynef/node-secure-cors
CORS for Node.js that does not allow wildcards for Subdomain attacks
https://github.com/laynef/node-secure-cors
cors security subdomains
Last synced: 15 days ago
JSON representation
CORS for Node.js that does not allow wildcards for Subdomain attacks
- Host: GitHub
- URL: https://github.com/laynef/node-secure-cors
- Owner: laynef
- Created: 2018-03-26T02:46:37.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2018-03-26T03:57:22.000Z (almost 7 years ago)
- Last Synced: 2024-11-07T09:46:37.914Z (2 months ago)
- Topics: cors, security, subdomains
- Language: JavaScript
- Homepage:
- Size: 30.3 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Secure CORS
## Installation
`npm i -S secure-cors`
## Why Secure CORS
/*
Use secure CORS because it gives errors when you use wild cards for origins.
Allowing any wild cards in your CORS allows you to use your server with any domain under that wildcard.
Be sure to specify the exact urls you need.
*/
const express = require('express');
const cors = require('secure-cors');
const app = express();
app.use(cors({
origin: 'https://www.example.com' // never '*' or '*.example.com'
}));
app.listen(3000);