- Express.js Basics
- Express.js HOME
- Express.js Introduction
- Express.js Installation
- Express.js Basic App
- Express.js Routing
- Basics Routing
- Route Parameters
- Handling Query Strings
- Router Middleware
- Middleware
- What is Middleware?
- Application-Level Middleware
- Router-Level Middleware
- Built-In Middleware
- Error-Handling Middleware
- Third-Party Middleware
- Express.js HTTP
- Handling GET Requests
- Handling POST Requests
- Handling PUT Requests
- Handling DELETE Requests
- Templating Engines
- Using Templating Engines
- Setting Up EJS
- Setting Up Handlebars
- Setting Up Pug
- Request/Response
- Request Object
- Response Object
- Handling JSON Data
- Handling Form Data
- Static Files
- Serving Static Files
- Setting Up Static Folders
- Managing Assets
- Express.js Advanced
- Middleware Stack
- CORS in Express.js
- JWT Authentication
- Session Handling
- File Uploads
- Error Handling
- Databases
- Express.js with MongoDB
- MongoDB CRUD Operations
- Express.js with MySQL
- MySQL CRUD Operations
- Deployment
- Deploying Express.js Apps to Heroku
- Deploying Express.js Apps to AWS
- Deploying Express.js Apps to Vercel
Express.js CORS
Cross-Origin Resource Sharing (CORS) is a mechanism that allows controlled access to resources located on a different domain. In Express.js, configuring CORS enables your application to handle cross-origin requests, which are common in modern web development.
Key Features of CORS
- Cross-Origin Requests: Allows requests from different domains, origins, or ports.
- Custom Headers: Enables adding specific headers for authentication or other purposes.
- Flexible Configuration: Allows restricting access based on methods, headers, or origins.
- Browser Compatibility: Ensures compliance with modern browser security policies.
Configuring CORS in Express.js
Installing the cors Package
To handle CORS in an Express.js application, install the cors middleware using npm.
npm install cors
Enabling CORS for All Routes
Use the cors middleware to enable CORS globally in your Express.js application.
Example:
const express = require('express');
const cors = require('cors');
const app = express();
app.use(cors()); // Enables CORS for all routes
app.get('/', (req, res) => {
res.send('CORS enabled!');
});
app.listen(3000, () => {
console.log('Server running on port 3000');
});
Restricting Access to Specific Origins
You can configure the cors middleware to allow only specific origins.
Example:
const corsOptions = {
origin: 'https://example.com', // Allow only this origin
methods: ['GET', 'POST'], // Restrict allowed HTTP methods
allowedHeaders: ['Content-Type', 'Authorization'], // Specify allowed headers
};
app.use(cors(corsOptions));
Enabling CORS for Specific Routes
Apply the cors middleware to specific routes instead of enabling it globally.
Example:
app.get('/public', cors(), (req, res) => {
res.send('Public route with CORS enabled');
});
app.get('/private', (req, res) => {
res.send('Private route without CORS');
});
Handling Preflight Requests
Browsers send a preflight request (HTTP OPTIONS) to check permissions for cross-origin requests. The cors middleware automatically handles these requests.
Example:
app.options('/api', cors()); // Enable preflight requests for /api route
Custom Middleware for CORS
You can implement your own middleware to control CORS behavior.
Example:
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', 'https://example.com');
res.header('Access-Control-Allow-Methods', 'GET, POST');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
next();
});
Example Application with CORS
const express = require('express');
const cors = require('cors');
const app = express();
const corsOptions = {
origin: 'https://example.com',
methods: ['GET', 'POST'],
};
app.use(cors(corsOptions)); // Enable CORS with options
app.get('/data', (req, res) => {
res.json({ message: 'This is a cross-origin resource' });
});
app.listen(3000, () => {
console.log('Server running on port 3000');
});
Summary
CORS is essential for managing cross-origin requests in web applications. Express.js simplifies CORS handling with the cors middleware, allowing you to configure access policies effectively. By enabling, restricting, or customizing CORS behavior, you can ensure secure and efficient interaction between client and server in a distributed environment.