CorsOptions
Summary
Options for CORS middleware.
Signature
interface CorsOptions {
allowedHeaders?: CorsAllowedHeadersResolver | readonly string[]
allowPrivateNetwork?: boolean
credentials?: boolean
exposedHeaders?: readonly string[]
maxAge?: number
methods?: readonly string[]
origin?: CorsOrigin
preflightContinue?: boolean
preflightStatusCode?: number
}
Properties
allowedHeaders
Allowed request headers for preflight responses.
Defaults to reflecting Access-Control-Request-Headers.
allowPrivateNetwork
Include Access-Control-Allow-Private-Network: true when requested.
credentials
Include Access-Control-Allow-Credentials: true.
exposedHeaders
Exposed response headers for non-preflight requests.
maxAge
Access-Control-Max-Age value for preflight responses (seconds).
methods
Allowed methods for preflight responses.
origin
Allowed origins. Defaults to '*'.
truereflects the request Originfalsedisables CORS headers'*'allows all originsstring/RegExp/array allow matching originsfunctionallows dynamic origin checks
preflightContinue
Continue to downstream handlers for preflight requests.
preflightStatusCode
Status code to use when short-circuiting preflight responses.