CORS middleware for Koa
Inspired by the great node-cors module.
Installation (via npm)
$ npm install koa-cors
var koa = require('koa');
var route = require('koa-route');
var cors = require('koa-cors');
var app = koa();
app.use(cors());
app.use(route.get('/', function() {
this.body = { msg: 'Hello World!' };
}));
app.listen(3000);
Configures the Access-Control-Allow-Origin CORS header. Expects a string (ex: http://example.com). Set to true
to reflect the request origin, as defined by req.header('Origin')
. Set to false
to disable CORS. Can also be set to a function, which takes the request as the first parameter.
Configures the Access-Control-Expose-Headers CORS header. Expects a comma-delimited string (ex: 'WWW-Authenticate,Server-Authorization') or an array (ex: ['WWW-Authenticate', 'Server-Authorization]
). Set this to pass the header, otherwise it is omitted.
Configures the Access-Control-Max-Age CORS header. Set to an integer to pass the header, otherwise it is omitted.
Configures the Access-Control-Allow-Credentials CORS header. Set to true
to pass the header, otherwise it is omitted.
Configures the Access-Control-Allow-Methods CORS header. Expects a comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: ['GET', 'PUT', 'POST']
).
Configures the Access-Control-Allow-Headers CORS header. Expects a comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex: ['Content-Type', 'Authorization]
). If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header.
For details on the effect of each CORS header, read this article on HTML5 Rocks.