JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 941385
  • Score
    100M100P100Q188527F
  • License MIT

Cross-Origin Resource Sharing(CORS) for koa

Package Exports

  • @koa/cors
  • @koa/cors/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@koa/cors) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@koa/cors

NPM version Node.js CI Test coverage npm download

Cross-Origin Resource Sharing(CORS) for koa

Installation

$ npm install @koa/cors --save

Quick start

Enable cors with default options:

  • origin: request Origin header
  • allowMethods: GET,HEAD,PUT,POST,DELETE,PATCH
const Koa = require('koa');
const cors = require('@koa/cors');

const app = new Koa();
app.use(cors());

cors(options)

/**
 * CORS middleware
 *
 * @param {Object} [options]
 *  - {String|Function(ctx)} origin `Access-Control-Allow-Origin`, default is '*'
 *    If `credentials` set and return `true, the `origin` default value will set to the request `Origin` header
 *  - {String|Array} allowMethods `Access-Control-Allow-Methods`, default is 'GET,HEAD,PUT,POST,DELETE,PATCH'
 *  - {String|Array} exposeHeaders `Access-Control-Expose-Headers`
 *  - {String|Array} allowHeaders `Access-Control-Allow-Headers`
 *  - {String|Number} maxAge `Access-Control-Max-Age` in seconds
 *  - {Boolean|Function(ctx)} credentials `Access-Control-Allow-Credentials`, default is false.
 *  - {Boolean} keepHeadersOnError Add set headers to `err.header` if an error is thrown
 *  - {Boolean} secureContext `Cross-Origin-Opener-Policy` & `Cross-Origin-Embedder-Policy` headers.', default is false
 *  - {Boolean} privateNetworkAccess handle `Access-Control-Request-Private-Network` request by return `Access-Control-Allow-Private-Network`, default to false
 * @return {Function} cors middleware
 * @api public
 */

Breaking change between 5.0 and 4.0

The default origin is set to *, if you want to keep the 4.0 behavior, you can set the origin handler like this:

app.use(cors({
  origin(ctx) {
    return ctx.get('Origin') || '*';
  },
}));

License

MIT

Contributors


fengmk2
dead-horse
omsmith
jonathanong
AlphaWong
cma-skedulo

CleberRossi
erikfried
j-waaang
ltomes
lfreneda
matthewmueller

PlasmaPower
swain
TyrealHu
xg-wang
lishengzxc
mcohen75

This project follows the git-contributor spec, auto updated at Sat Oct 08 2022 21:35:10 GMT+0800.