Plugin that allows Cross-Origin Resource Sharing (CORS). It answers preflight requests with the options method and sets the CORS headers. Additionally, requests are validated against the CORS configuration.
For a detailed explanation of CORS, see:
| Name | Required | Default | Description | Examples |
|---|---|---|---|---|
| headers | false | - | Comma-separated list of allowed request headers.
|
X-Custom-Header, Authorization, Content-Type |
| credentials | false | false |
Whether credentials like cookies or HTTP auth are allowed.
|
- |
| maxAge | false | - | Max age (in seconds) for caching preflight responses.
|
- |
| methods | false | * |
Comma-separated list of allowed HTTP methods.
|
GET, POST, PUT |
| allowAll | false | false |
Allows all origins, methods, and headers without validation. Not compatible with credentials=true.
|
- |
| origins | false | * |
Space-separated list of allowed origins. Use '*' to allow all.
|
https://example.com https://my.app |