Interface Options

interface Options {
    allowedHeaders?: string[];
    credentials?: boolean;
    exposedHeaders?: string[];
    maxAge?: number;
    methods?: string[];
    origin?: Origin | (origin: string) => Promisable<Origin>;
}

Hierarchy (View Summary)

Properties

allowedHeaders? credentials? exposedHeaders? maxAge? methods? origin?

Properties

OptionalallowedHeaders

allowedHeaders?: string[]

Configures the Access-Control-Allow-Headers CORS header.

Default

[]

Optionalcredentials

credentials?: boolean

Configures the Access-Control-Allow-Credentials CORS header.

Default

false

OptionalexposedHeaders

exposedHeaders?: string[]

Configures the Access-Control-Expose-Headers CORS header.

Default

[]

OptionalmaxAge

maxAge?: number

Configures the Access-Control-Max-Age CORS header.

Default

0

Optionalmethods

methods?: string[]

Configures the Access-Control-Allow-Methods CORS header.

Default

["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"]

Optionalorigin

origin?: Origin | (origin: string) => Promisable<Origin>

Configures the Access-Control-Allow-Origin CORS header.

Possible values:

  • true: Enable CORS for any origin (same as "*")
  • false: Don't setup CORS
  • string: Set to a specific origin, if set to "*" it will allow any origin
  • RegExp: Set to a RegExp to match against the origin
  • Array<string | RegExp>: Set to an array of origins to match against the string or RegExp
  • Function: Set to a function that will be called with the request origin and should return a boolean indicating if the origin is allowed or not.

Default

true

Settings

Member Visibility

On This Page

Properties