remix/middleware/cors · Interface

View Source

CorsOptions

Summary

Options for CORS middleware.

Signature

interface CorsOptions {
  allowedHeaders?: CorsAllowedHeadersResolver | readonly string[]
  allowPrivateNetwork?: boolean
  credentials?: boolean
  exposedHeaders?: readonly string[]
  maxAge?: number
  methods?: readonly string[]
  origin?: CorsOrigin
  preflightContinue?: boolean
  preflightStatusCode?: number
}

Properties

allowedHeaders

Allowed request headers for preflight responses.

Defaults to reflecting Access-Control-Request-Headers.

allowPrivateNetwork

Include Access-Control-Allow-Private-Network: true when requested.

credentials

Include Access-Control-Allow-Credentials: true.

exposedHeaders

Exposed response headers for non-preflight requests.

maxAge

Access-Control-Max-Age value for preflight responses (seconds).

methods

Allowed methods for preflight responses.

origin

Allowed origins. Defaults to '*'.

  • true reflects the request Origin
  • false disables CORS headers
  • '*' allows all origins
  • string/RegExp/array allow matching origins
  • function allows dynamic origin checks

preflightContinue

Continue to downstream handlers for preflight requests.

preflightStatusCode

Status code to use when short-circuiting preflight responses.