Skip to content

Instantly share code, notes, and snippets.

@cuppster
Created April 9, 2012 16:02
Show Gist options
  • Save cuppster/2344435 to your computer and use it in GitHub Desktop.
Save cuppster/2344435 to your computer and use it in GitHub Desktop.
express.js middleware to support CORS pre-flight requests
app.use(express.methodOverride());
// ## CORS middleware
//
// see: http://stackoverflow.com/questions/7067966/how-to-allow-cors-in-express-nodejs
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
// intercept OPTIONS method
if ('OPTIONS' == req.method) {
res.send(200);
}
else {
next();
}
};
app.use(allowCrossDomain);
@dougwilson
Copy link

I would like to re-iterate what @mwawrusch says: please look at a module like corser and do not use this; this does not fully comply with the CORS specification, where-as a module like corser does (and less LoC for you to maintain in your app, at that).

@katrotz
Copy link

katrotz commented Dec 11, 2015

Don't forget about Access-Control-Allow-Credentials

@yousfiSaad
Copy link

Thank you !

@nicotroia
Copy link

nicotroia commented Sep 21, 2016

FYI for newer versions of Express, you will get a warning saying res.send is deprecated. Use res.sendStatus instead

@givehug
Copy link

givehug commented Jan 20, 2017

Thanks again ))

@nickredmark
Copy link

WARNING: be aware that for authenticated cors requests, Access-Control-Allow-Origin can't be a wildcard '*'
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Credentialed_requests_and_wildcards

@Lonniebiz
Copy link

Works!

@michaelstievenart
Copy link

@Lonniebiz please share a snippet of how you solved it.

@JerryLeeCS
Copy link

Thank you so much!!!

@kaiferrall
Copy link

Thank you!!

@hygull
Copy link

hygull commented Sep 9, 2018

Great, it is helpful.

@isaquebc
Copy link

isaquebc commented Nov 20, 2018

Very good!

@Aubizzy
Copy link

Aubizzy commented Jun 17, 2020

This is Great stuff. it worked for me

@HarryLit
Copy link

Great, it works! Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment