📜  express js cors - Javascript (1)

📅  最后修改于: 2023-12-03 14:41:04.376000             🧑  作者: Mango

Express JS CORS

Introduction

Cross-Origin Resource Sharing (CORS) is a mechanism that allows resources (such as fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated. CORS is implemented as a set of HTTP headers that define the permissions for accessing resources on a web page.

Express JS, a popular web application framework for Node.js, provides middleware for handling CORS.

What is CORS?

CORS is a security feature implemented in web browsers to prevent unauthorized access to resources on a different domain. By default, web browsers enforce the Same-Origin Policy, which means that web pages can only request resources from the same domain as the web page itself.

However, there are cases where it is necessary for web pages to access resources from a different domain. This is where CORS comes into play. CORS allows web servers to specify which domains are allowed to access their resources, overriding the Same-Origin Policy.

How does Express JS CORS work?

To enable CORS in an Express JS application, you need to use the cors middleware.

Here's an example of how to use the cors middleware in an Express JS application:

const express = require('express');
const cors = require('cors');

const app = express();

// Enable CORS for all routes
app.use(cors());

// ...rest of your Express JS application code

app.listen(3000, () => {
  console.log('Server started on port 3000');
});

The above code enables CORS for all routes in your Express JS application. This means that any request from any domain will be allowed to access your resources.

CORS Configuration Options

The cors middleware provides configuration options to customize the CORS behavior. Here are some common configuration options:

  • origin: A string or a function that determines the allowed domains to access your resources. By default, this is set to * which allows access from any domain.
  • methods: An array of HTTP methods allowed for CORS requests. By default, this is set to GET,HEAD,PUT,PATCH,POST,DELETE.
  • allowedHeaders: An array of headers allowed for CORS requests. By default, this is not set, which means that all headers are allowed.
  • exposedHeaders: An array of headers exposed in the response to CORS requests. By default, this is not set, which means that no headers are exposed.
  • credentials: A boolean value indicating whether to allow sending cookies in CORS requests. By default, this is set to false.
  • maxAge: A number representing the maximum age (in seconds) of the preflight request result. By default, this is not set.

You can pass an options object as an argument to the cors middleware to configure these options. Here's an example:

app.use(cors({
  origin: 'https://example.com',
  methods: ['GET', 'POST'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  exposedHeaders: ['Content-Length'],
  credentials: true,
  maxAge: 86400
}));
Conclusion

Using the cors middleware in Express JS allows you to easily enable Cross-Origin Resource Sharing in your application. By customizing the CORS configuration options, you can define which domains are allowed to access your resources and specify other CORS-related settings.

By handling CORS properly, you can enhance the security and accessibility of your web application when requesting resources from different domains.