/koa2-cors

CORS middleware for koa2

Primary LanguageJavaScriptOtherNOASSERTION

koa2-cors

NPM version Node version Build Status Code coverage NPM download Commitizen friendly

install

it requires node v7.6.0 or higher now

npm install --save koa2-cors

Usage

var Koa = require('koa');
var cors = require('koa2-cors');

var app = new Koa();
app.use(cors());

Options

origin

Configures the Access-Control-Allow-Origin CORS header. expects a string. Can also be set to a function, which takes the ctx as the first parameter.

exposeHeaders

Configures the Access-Control-Expose-Headers CORS header. Expects a comma-delimited array.

maxAge

Configures the Access-Control-Max-Age CORS header. Expects a Number.

credentials

Configures the Access-Control-Allow-Credentials CORS header. Expects a Boolean.

allowMethods

Configures the Access-Control-Allow-Methods CORS header. Expects a comma-delimited array , If not specified, default allowMethods is ['GET', 'PUT', 'POST', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'].

allowHeaders

Configures the Access-Control-Allow-Headers CORS header. Expects a comma-delimited array . If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header.

var Koa = require('koa');
var cors = require('koa2-cors');

var app = new Koa();
app.use(cors({
  origin: function(ctx) {
    if (ctx.url === '/test') {
      return false;
    }
    return '*';
  },
  exposeHeaders: ['WWW-Authenticate', 'Server-Authorization'],
  maxAge: 5,
  credentials: true,
  allowMethods: ['GET', 'POST', 'DELETE'],
  allowHeaders: ['Content-Type', 'Authorization', 'Accept'],
}));
...

More details about CORS.

License

MIT License