egg-cors

by eggjs

eggjs / egg-cors

CORS plugin for egg

135 Stars 12 Forks Last release: Not found MIT License 31 Commits 12 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

egg-cors

NPM version build status Test coverage David deps Known Vulnerabilities npm download

CORS plugin for egg, based on @koa/cors.

Install

$ npm i egg-cors --save

Usage

// {app_root}/config/plugin.js
exports.cors = {
  enable: true,
  package: 'egg-cors',
};

egg-cors
works internally with egg-security. By defining the property of
domainWhiteList
on object
security
, you have successfully informed the framework to whitelist the passed domains.

When you make a request from client side, egg should return an

Access-Control-Allow-Origin
response header with the domain that you passed in along with the payload and status code 200.
exports.security = {
  domainWhiteList: [ 'http://localhost:4200' ],
};

Configuration

Support all configurations in @koa/cors.

// {app_root}/config/config.default.js
exports.cors = {
  // {string|Function} origin: '*',
  // {string|Array} allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH'
};

If the

origin
is set, the plugin will follow it to set the
Access-Control-Allow-Origin
and ignore the
security.domainWhiteList
. Otherwise, the
security.domainWhiteList
which is default will take effect as described above.

Security

Only in safe domain list support CORS when security plugin enabled.

Questions & Suggestions

Please open an issue here.

License

MIT

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.