---
title: CorsOptions
source: https://github.com/remix-run/remix/blob/remix@3.0.0-beta.2/packages/cors-middleware/src/lib/cors.ts#L52
---

# CorsOptions

## Summary

Options for CORS middleware.

## Signature

```ts
interface CorsOptions {
  allowedHeaders?: CorsAllowedHeadersResolver | readonly string[];
  allowPrivateNetwork?: boolean;
  credentials?: boolean;
  exposedHeaders?: readonly string[];
  maxAge?: number;
  methods?: readonly string[];
  origin?: CorsOrigin;
  preflightContinue?: boolean;
  preflightStatusCode?: number;
}

```

## Properties

### `allowedHeaders`

Allowed request headers for preflight responses.

Defaults to reflecting Access-Control-Request-Headers.

### `allowPrivateNetwork`

Include Access-Control-Allow-Private-Network: true when requested.

### `credentials`

Include Access-Control-Allow-Credentials: true.

### `exposedHeaders`

Exposed response headers for non-preflight requests.

### `maxAge`

Access-Control-Max-Age value for preflight responses (seconds).

### `methods`

Allowed methods for preflight responses.

### `origin`

Allowed origins. Defaults to '*'.

- `true` reflects the request Origin
- `false` disables CORS headers
- `'*'` allows all origins
- `string`/`RegExp`/array allow matching origins
- `function` allows dynamic origin checks

### `preflightContinue`

Continue to downstream handlers for preflight requests.

### `preflightStatusCode`

Status code to use when short-circuiting preflight responses.