Конструктор CORS-заголовков
Генерация конфигурации CORS (Cross-Origin Resource Sharing) для вашего веб-сервера или API-фреймворка.
Use * for all origins or specify domain(s)
// Express.js with cors middleware
const cors = require('cors');
const corsOptions = {
origin: '*',
methods: 'GET, POST, PUT, DELETE, OPTIONS',
allowedHeaders: 'Content-Type, Authorization',
credentials: false,
maxAge: 86400
};
app.use(cors(corsOptions));
// Or manually:
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
res.header('Access-Control-Max-Age', '86400');
if (req.method === 'OPTIONS') {
return res.status(204).end();
}
next();
});About CORS
- • CORS (Cross-Origin Resource Sharing) controls which domains can access your API
- • Browsers send preflight OPTIONS requests for non-simple requests
- • Allow-Credentials cannot be used with Allow-Origin: *
- • Max-Age caches preflight responses to reduce requests
CORS - Технические детали
CORS is a security mechanism that allows servers to specify which origins can access their resources. Browsers block cross-origin requests by default; CORS headers tell the browser it's safe to allow them.
Альтернатива командной строки
# Test CORS with curl (preflight)\ncurl -X OPTIONS -H 'Origin: http://localhost:3000' \\\n -H 'Access-Control-Request-Method: POST' \\\n -v https://api.example.com/endpoint