Comments (5)
Yes, I ended up doing something like this:
const corsMiddleware = cors()
router.use((req, res, next) => {
if (req.path.match(/^\/auth\/connect\//)) {
// let later cors middleware handle it!
return next()
}
return corsMiddleware(req, res, next)
})
from cors.
Running into the same issue. From what we can tell multiple calls to cors
strictly append to the existing headers. While there may be a use case for this, not being able to override this behavior is a non-starter.
We don't want Access-Control-Allow-Origin
to be *,http://example.com
.
Probably just going to gut cors
for now since this is time sensitive.
EDIT: You can specify preflightContinue
to add specific header overrides using express' native .setHeader()
on OPTIONS requests. This resolves our problem, but @olalonde's use case is still not possible so far as I can tell (it's obvious in the source code as to why this is the case and it's probably working as intended).
from cors.
I like your solution @olalonde
from cors.
I was looking into the code for cors today and I think it might be supported out of the box. It appears that there are undocumented code that supports regular expressions and arrays. When you pass an object to cors() it calls the private function isOriginAllowed with what is inside the origin property if that is not a function. That supports Array and RegExp, so you could actually have a regular expression for your domain. And it will only add the Access-Control-Allow-Origin Header if req.headers.origin matches
function isOriginAllowed(origin, allowedOrigin) {
if (Array.isArray(allowedOrigin)) {
for (var i = 0; i < allowedOrigin.length; ++i) {
if (isOriginAllowed(origin, allowedOrigin[i])) {
return true;
}
}
return false;
} else if (isString(allowedOrigin)) {
return origin === allowedOrigin;
} else if (allowedOrigin instanceof RegExp) {
return allowedOrigin.test(origin);
} else {
return !!allowedOrigin;
}
}
from cors.
hey Hii every one i am new to opensource world can any one help me in making my first contribution in this library.by explaining it more to me and guiding me.
from cors.
Related Issues (20)
- [Feature request] A more powerful custom origin calculation method depending on other headers HOT 6
- No Configuration Options for Access-Control-Allow-Private-Network HOT 1
- CORS Error only on Mac HOT 2
- Cors origin RegExp issues HOT 10
- Option preflightContinue not working with origin function
- Array - set origin -Not working HOT 3
- Incorrect response when option origin is true and requestOrigin is undefined HOT 2
- "origin" is undefined when requests are received from the same server AND when malicious requests are sent from a program HOT 1
- Undefined origin should be treated as not allowed - discusson HOT 4
- Configure Allowed Headers as Array of RegExp
- DEMO is broken HOT 1
- Invalid Vary header in Access-Control-Allow-Headers HOT 2
- `OPTIONS` request handler missing `Allow` header HOT 13
- cors is hanging HOT 2
- CORS error when fonts
- Add support for having specified domain instead of wildcard HOT 3
- Request: callback for failed CORS HOT 5
- Cors error when connecting through ssh tunnel HOT 1
- I have random 'Access-Control-Allow-Origin' errors, even if i set origin: '*', is my usage correct ? HOT 3
- Add ability to omit `Vary: Origin` header HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cors.