1 | koa-cors
|
2 | ========
|
3 |
|
4 | CORS middleware for Koa
|
5 |
|
6 | Inspired by the great [node-cors](https://github.com/troygoode/node-cors) module.
|
7 |
|
8 | ## Installation (via [npm](https://npmjs.org/package/koa-cors))
|
9 |
|
10 | ```bash
|
11 | $ npm install koa-cors
|
12 | ```
|
13 |
|
14 | ## Usage
|
15 |
|
16 | ```javascript
|
17 | var koa = require('koa');
|
18 | var route = require('koa-route');
|
19 | var cors = require('koa-cors');
|
20 | var app = koa();
|
21 |
|
22 | app.use(cors());
|
23 |
|
24 | app.use(route.get('/', function() {
|
25 | this.body = { msg: 'Hello World!' };
|
26 | }));
|
27 |
|
28 | app.listen(3000);
|
29 | ```
|
30 |
|
31 | ## Options
|
32 |
|
33 | ### origin
|
34 |
|
35 | Configures the **Access-Control-Allow-Origin** CORS header. Expects a string
|
36 | (ex: http://example.com). Set to `true` to reflect the
|
37 | [request origin](http://tools.ietf.org/html/draft-abarth-origin-09), as defined
|
38 | by `req.header('Origin')`. Set to `false` to disable CORS. Can also be set to a
|
39 | function, which takes the request as the first parameter.
|
40 |
|
41 | ### expose
|
42 |
|
43 | Configures the **Access-Control-Expose-Headers** CORS header. Expects a
|
44 | comma-delimited string (ex: 'WWW-Authenticate,Server-Authorization') or an array
|
45 | (ex: `['WWW-Authenticate', 'Server-Authorization]`). Set this to pass the
|
46 | header, otherwise it is omitted.
|
47 |
|
48 | ### maxAge
|
49 |
|
50 | Configures the **Access-Control-Max-Age** CORS header. Set to an integer to pass
|
51 | the header, otherwise it is omitted.
|
52 |
|
53 | ### credentials
|
54 |
|
55 | Configures the **Access-Control-Allow-Credentials** CORS header. Set to `true`
|
56 | to pass the header, otherwise it is omitted.
|
57 |
|
58 | ### methods
|
59 |
|
60 | Configures the **Access-Control-Allow-Methods** CORS header. Expects a
|
61 | comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: `['GET', 'PUT',
|
62 | 'POST']`).
|
63 |
|
64 | ### headers
|
65 | Configures the **Access-Control-Allow-Headers** CORS header. Expects a
|
66 | comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex:
|
67 | `['Content-Type', 'Authorization]`). If not specified, defaults to reflecting
|
68 | the headers specified in the request's **Access-Control-Request-Headers**
|
69 | header.
|
70 |
|
71 |
|
72 | For details on the effect of each CORS header,
|
73 | [read this article on HTML5 Rocks](http://www.html5rocks.com/en/tutorials/cors/).
|
74 |
|
75 |
|
76 | ## License
|
77 |
|
78 | [MIT License](http://www.opensource.org/licenses/mit-license.php)
|
79 |
|