Module stick/middleware/cors

Cross-site HTTP Request headers

Ability to configure all CORS headers. For a detailed explanation on what the different headers do see MDN on CORS

Even if allowOrigin is defined as "*" (allowOrigin: ['*']) this middleware will always respond with an "Access-Control-Allow-Origin" header with the value of the "Origin" header.

Example

app.configure("cors");
app.cors({
   allowOrigin: ['http://example.com', 'https://example.com'],
   allowMethods: ['POST', 'GET'],
   allowHeaders: ['X-PingOther'],
   exposeHeaders: []
   maxAge: 1728000,
   allowCredentials: true
})

Functions

middleware(next, app)

middleware (next, app)

Example

app.configure("cors");
app.cors({
   allowOrigin: ['http://example.com', 'https://example.com'],
   allowMethods: ['POST', 'GET'],
   allowHeaders: ['X-PingOther'],
   exposeHeaders: []
   maxAge: 1728000,
   allowCredentials: true
})

Parameters

	next
	app