- Install the 'cors' npm package:
npm install cors
- Import 'cors' in your Node.js file:
const cors = require('cors');
- Use 'cors' middleware in your Express application:
const express = require('express');
const app = express();
app.use(cors());
- Configure specific origins (optional):
const corsOptions = {
origin: 'http://your-allowed-origin.com',
optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
};
app.use(cors(corsOptions));
- Handle CORS preflight requests:
app.options('*', cors());
- Enable credentials for cross-origin requests (optional):
const corsOptions = {
origin: 'http://your-allowed-origin.com',
optionsSuccessStatus: 200,
credentials: true,
};
app.use(cors(corsOptions));
- Adjust response headers for handling credentials:
const corsOptions = {
origin: 'http://your-allowed-origin.com',
optionsSuccessStatus: 200,
credentials: true,
};
app.use(cors(corsOptions));
app.use((req, res, next) => {
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Origin', 'http://your-allowed-origin.com');
res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
if (req.method === 'OPTIONS') {
res.sendStatus(200);
} else {
next();
}
});