• Stars
    star
    108
  • Rank 321,259 (Top 7 %)
  • Language
    JavaScript
  • Created over 10 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

CORS middleware with full W3C spec support

restify-cors-middleware

CORS middleware with full W3C spec support.

NPM License

Build Status Dependencies Dev dependencies Peer dependencies Known Vulnerabilities

JavaScript Style Guide

Setup

$ npm install restify-cors-middleware --save

Usage

const corsMiddleware = require('restify-cors-middleware')

const cors = corsMiddleware({
  preflightMaxAge: 5, //Optional
  origins: ['http://api.myapp.com', 'http://web.myapp.com'],
  allowHeaders: ['API-Token'],
  exposeHeaders: ['API-Token-Expiry']
})

server.pre(cors.preflight)
server.use(cors.actual)

Allowed origins

You can specify the full list of domains and subdomains allowed in your application, using strings or regular expressions.

origins: [
  'http://myapp.com',
  'http://*.myapp.com',
  /^https?:\/\/myapp.com(:[\d]+)?$/
]

For added security, this middleware sets Access-Control-Allow-Origin to the origin that matched, not the configured wildcard. This means callers won't know about other domains that are supported.

Setting origins: ['*'] is also valid, although it comes with obvious security implications. Note that it will still return a customised response (matching Origin), so any caching layer (reverse proxy or CDN) will grow in size accordingly.

Troubleshooting

As per the spec, requests without an Origin will not receive any headers. Requests with a matching Origin will receive the appropriate response headers. Always be careful that any reverse proxies (e.g. Varnish) very their cache depending on the origin, so you don't serve CORS headers to the wrong request.

Compliance to the spec

See unit tests for examples of preflight and actual requests.

More Repositories

1

supervisorui

Supervisor multi-server dashboard
JavaScript
71
star
2

strummer

Structural matching for JavaScript
JavaScript
66
star
3

redis-rate-limiter

Rate limiter middleware, backed by Redis
JavaScript
55
star
4

cli-plot

Plot values from stdin directly into your terminal
JavaScript
40
star
5

atom-mocha-test-runner

Mocha test runner for Atom Editor
CoffeeScript
38
star
6

ember-cli-llama-table

Easy Ember.js table component
JavaScript
15
star
7

require-lint

Verify that require statements match your package.json
JavaScript
12
star
8

make-it-static

Wordpress plugin to convert post contents into static html files
PHP
9
star
9

bison-types

Convert between binary and json
JavaScript
8
star
10

loop-lag

Monitor the delay on the Node.js event loop
JavaScript
7
star
11

swagger-to-md

Transform swagger to markdown
JavaScript
6
star
12

real-nock

Create stub HTTP servers that you can modify on the fly
CoffeeScript
6
star
13

generic-cucumber-protractor-framework

Generic Cucumber Protractor Framework
JavaScript
6
star
14

node-github-credential-scraper

Naive credential scraper for GitHub
JavaScript
5
star
15

hyperactive

Test your API by crawling the hypermedia links
JavaScript
5
star
16

node-middleware-json-parse

JSON parsing middleware
JavaScript
5
star
17

tabcorp-cucumber-protractor-framework-v2

tabcorp-cucumber-protractor-framework-v2
TypeScript
4
star
18

injectmd

Inject markdown into markdown
JavaScript
4
star
19

node-s3-log-fetcher

Fetch logs from S3
JavaScript
3
star
20

bitmap-integers

Small utility module to convert between integer representations of bitmaps and arrays
JavaScript
2
star
21

ios-lib-TBCCore

TBCCore provides useful utilities for development with objective-c on iOS and macOS
Objective-C
2
star
22

dollar-string

Helper utilities for dealing with dollar strings
JavaScript
2
star
23

js-match

Validates an entire Javascript object against a set of nested matchers
CoffeeScript
2
star
24

mobile-gem-egg

Minimalist Dependency Management for XCode Projects
Ruby
1
star
25

bunyan-stream

Stream data into a bunyan logger
JavaScript
1
star
26

clever-buffer

Clever read and write utilities for buffers
JavaScript
1
star
27

nsq-cleanup

A command-line tool which cleans unused NSQ channels
JavaScript
1
star
28

strummer-middleware

Generate validating middleware with a Strummer (or Strummer like) constraint.
JavaScript
1
star
29

cli-meter

Progress bar / dynamic meter for the terminal
JavaScript
1
star
30

cli-interval

Repeat a command at a given interval, and aggregate its output
JavaScript
1
star
31

label-filter

Filtering DSL to match a set of labels
JavaScript
1
star
32

cli-average

Average values from stdout over a given interval
JavaScript
1
star
33

Uluru

Swift
1
star
34

emit-response-size

Emit the response size as an event
JavaScript
1
star