# Excerpt

CORS middleware for Koa. Latest version: 0.0.16, last published: 7 years ago. Start using koa-cors in your project by running npm i koa-cors. There are 253 other projects in the npm registry using koa-cors.

CORS middleware for Koa

Inspired by the great node-cors module.

$ npm install koa-cors

var koa = require('koa');var route = require('koa-route');var cors = require('koa-cors');var app = koa(); app.use(cors()); app.use(route.get('/', function() {  this.body = { msg: 'Hello World!' };})); app.listen(3000);

Configures the Access-Control-Allow-Origin CORS header. Expects a string (ex: http://example.com). Set to true to reflect the request origin, as defined by req.header('Origin'). Set to false to disable CORS. Can also be set to a function, which takes the request as the first parameter.

Configures the Access-Control-Expose-Headers CORS header. Expects a comma-delimited string (ex: 'WWW-Authenticate,Server-Authorization') or an array (ex: ['WWW-Authenticate', 'Server-Authorization]). Set this to pass the header, otherwise it is omitted.

Configures the Access-Control-Max-Age CORS header. Set to an integer to pass the header, otherwise it is omitted.

Configures the Access-Control-Allow-Credentials CORS header. Set to true to pass the header, otherwise it is omitted.

Configures the Access-Control-Allow-Methods CORS header. Expects a comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: ['GET', 'PUT', 'POST']).

Configures the Access-Control-Allow-Headers CORS header. Expects a comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex: ['Content-Type', 'Authorization]). If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header.

For details on the effect of each CORS header, read this article on HTML5 Rocks.