@axonlabs/core - v0.13.1
    Preparing search index...

    Interface CorsOptions

    Cors configuration for AxonCore.

    interface CorsOptions {
        allowedHeaders?: string | string[];
        credentials?: boolean;
        exposedHeaders?: string | string[];
        headers?: string | string[];
        maxAge?: number;
        methods?: string | string[];
        optionsSuccessStatus?: number;
        origin?: string | boolean | RegExp | (string | RegExp)[];
        preflightContinue?: boolean;
    }
    Index

    Properties

    allowedHeaders? credentials? exposedHeaders? headers? maxAge? methods? optionsSuccessStatus? origin? preflightContinue?

    Properties

    allowedHeaders?: string | string[]

    Configures the Access-Control-Allow-Headers CORS header.

    Possible values:

    • String - exprects a comma-delimited 'Content-Type,Authorization'

    • Array - ['Content-Type', 'Authorization']

    If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header.

    credentials?: boolean

    Configures the Access-Control-Allow-Credentials CORS header.

    Set to true to pass the header, otherwise it is omitted.

    exposedHeaders?: string | string[]

    Configures the Access-Control-Expose-Headers CORS header.

    Possible values:

    • String - exprects a comma-delimited 'Content-Range,X-Content-Range'

    • Array - ['Content-Range', 'X-Content-Range']

    If not specified, no custom headers are exposed.

    headers?: string | string[]

    Alias for allowedHeaders.

    maxAge?: number

    Configures the Access-Control-Max-Age CORS header.

    Set to an integer to pass the header, otherwise it is omitted.

    methods?: string | string[]

    Configures the Access-Control-Allow-Methods CORS header.

    Possible values:

    • String - exprects a comma-delimited 'GET,POST,DELETE'

    • Array - ['GET', 'POST', 'DELETE']

    optionsSuccessStatus?: number

    Provides a status code to use for successful OPTIONS requests, since some legacy browsers (IE11, various SmartTVs) choke on 204.

    origin?: string | boolean | RegExp | (string | RegExp)[]

    Configures the Access-Control-Allow-Origin CORS header.

    Possible values:

    • Boolean - set origin to true to reflect the request origin, as defined by req.header('Origin'), or set it to false to disable CORS.

    • String - set origin to a specific origin. For example if you set it to "http://example.com" only requests from "http://example.com" will be allowed.

    • RegExp - set origin to a regular expression pattern which will be used to test the request origin. If it's a match, the request origin will be reflected. For example the pattern /example\.com$/ will reflect any request that is coming from an origin ending with "example.com".

    • Array - set origin to an array of valid origins. Each origin can be a String or a RegExp. For example ["http://example1.com", /\.example2\.com$/] will accept any request from "http://example1.com" or from a subdomain of "example2.com".

    • Function - set origin to a function implementing some custom logic. The function takes the request origin as the first parameter and a callback (which expects the signature err [object], allow [bool]) as the second.

    preflightContinue?: boolean

    Pass the CORS preflight response to the next handler.

    Settings

    Member Visibility

    On This Page

    Properties