expressjs/cors

Issues

• `Vary: Origin` should be set on non-CORS request

  #330 opened a month ago by ehmicky
  0

• `Vary: Origin` should not be set if the `Origin` request header is ignored

  #332 opened a month ago by ehmicky
  0

• CORS requests with credentials should forbid `*`

  #333 opened a month ago by ehmicky
  0

• `Vary: Access-Control-Request-Method` should be set

  #331 opened a month ago by ehmicky
  1

• Improve testing robustness

  #319 opened a month ago by Alex-GF
  2

• Breaking Change: Webpack 5 polyfills

  #328 opened 2 months ago by Bhaney44
  1

• include types with package

  #235 opened 4 years ago by jamiehaywood
  5

• Use cors on static files only?

  #270 opened 2 months ago by vedantroy
  1

• Do you need app.options and app.use(cors()); ??

  #277 opened 2 months ago by sinclas
  14

• Error: Cannot GET /

  #324 opened 2 months ago by Bhaney44
  1

• Why is the cors package supplying an array to the browser if the browser does not allow arrays?

  #323 opened 3 months ago by thardy
  6

• Wrong `access-control-allow-origin` header in response headers

  #239 opened 3 years ago by yonatanhakatan
  2

• Add ability to omit `Vary: Origin` header

  #317 opened 8 months ago by gl-jkeys
  3

• I have random 'Access-Control-Allow-Origin' errors, even if i set origin: '*', is my usage correct ?

  #316 opened 8 months ago by zeid0ne
  3

• Cors error when connecting through ssh tunnel

  #315 opened 9 months ago by Hoss3770
  1

• `OPTIONS` request handler missing `Allow` header

  #305 opened a year ago by Lordfirespeed
  13

• Add support for having specified domain instead of wildcard

  #310 opened a year ago by dani2819
  3

• Request: callback for failed CORS

  #313 opened a year ago by pinko-fowle
  5

• CORS error when fonts

  #309 opened a year ago by saunafox
  0

• cors is hanging

  #307 opened a year ago by dcsan
  2

• Invalid Vary header in Access-Control-Allow-Headers

  #302 opened a year ago by shdpl
  2

• Array - set origin -Not working

  #294 opened 2 years ago by Naveenvuedata
  3

• DEMO is broken

  #301 opened a year ago by Zirafnik
  1

• Configure Allowed Headers as Array of RegExp

  #299 opened 2 years ago by ramytamer
  0

• Undefined origin should be treated as not allowed - discusson

  #298 opened 2 years ago by oscyp
  4

• "origin" is undefined when requests are received from the same server AND when malicious requests are sent from a program

  #296 opened 2 years ago by dancherb
  1

• No-Access-Control-Origin

  #268 opened 2 years ago by Eltik
  2

• Access-Control-Allow-Origin issue

  #283 opened 2 years ago by alan-bradbury-hollaroo
  2

• Incorrect response when option origin is true and requestOrigin is undefined

  #295 opened 2 years ago by yanickrochon
  2

• Option preflightContinue not working with origin function

  #293 opened 2 years ago by RiccardoRomagnoli
  0

• Cors origin RegExp issues

  #292 opened 2 years ago by adrien2p
  10

• CORS Error only on Mac

  #291 opened 2 years ago by lazyseals
  2

• No Configuration Options for Access-Control-Allow-Private-Network

  #290 opened 2 years ago by ojasggg
  1

• A question about the type of the origin option value.

  #271 opened 2 years ago by annahxxl
  3

• [Feature request] A more powerful custom origin calculation method depending on other headers

  #288 opened 2 years ago by fabis94
  6

• access-control-allow-method not working

  #275 opened 2 years ago by HassanSayyed
  2

• [Question / Feature Request] CORS-RFC1918 Support

  #236 opened 4 years ago by NoelDavies
  5

• cors module causes a timeout in upstream

  #272 opened 2 years ago by maki3000
  2

• cors is not working with node js https

  #254 opened 3 years ago by metrocoding
  3

• i keep getting the same error no matter how i comfigure cors

  #250 opened 3 years ago by fazemodz
  5

• preflight OK, then 504 status - No Access Cntrl Allow on requested resource

  #255 opened 3 years ago by rowntreerob
  1

• applyHeaders doesn't work when header value is false

  #267 opened 3 years ago by cesarvarela
  1

• Axios ignore cors from express node js

  #265 opened 3 years ago by KjshServer
  3

• Subdomain in CORS

  #264 opened 3 years ago by nihirv
  1

• Solution to issue 71 "undefined headers.origin"

  #262 opened 3 years ago by DaliuSinger
  1

• Can we validate Referer HTTP request header?

  #258 opened 3 years ago by niksonkjohn
  1

• Usage of `false` in `origin` callback

  #253 opened 3 years ago by kochis
  2

• Lib stopped working suddenly, with a Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

  #251 opened 3 years ago by jonit-dev
  0

• CORS Private Network Access

  #247 opened 3 years ago by bitconym
  1

• Different behavior between function and string as origin

  #241 opened 3 years ago by darrachequesne
  11