-
Notifications
You must be signed in to change notification settings - Fork 2
CORS
BrewedSys edited this page Mar 30, 2026
·
1 revision
Http-native includes a built-in CORS (Cross-Origin Resource Sharing) middleware.
import { createApp } from "@http-native/core";
import { cors } from "@http-native/core/cors";
const app = createApp();
// Allow all origins (default)
app.use(cors());app.use(cors({
origin: "https://example.com",
methods: "GET,POST,PUT,DELETE",
allowedHeaders: "Content-Type,Authorization",
credentials: true,
maxAge: 86400,
}));| Option | Type | Default | Description |
|---|---|---|---|
origin |
string | string[] | boolean |
"*" |
Allowed origin(s). true reflects the request origin. |
methods |
string |
"GET,HEAD,PUT,PATCH,POST,DELETE" |
Allowed HTTP methods |
allowedHeaders |
string |
Reflects request headers | Allowed request headers |
credentials |
boolean |
false |
Whether to include Access-Control-Allow-Credentials
|
maxAge |
number |
— | Preflight response cache duration in seconds |
app.use(cors({
origin: "https://myapp.com",
credentials: true,
}));app.use(cors({
origin: ["https://myapp.com", "https://staging.myapp.com"],
}));app.use(cors({
origin: true,
credentials: true,
}));app.use("/api", cors({
origin: "https://myapp.com",
credentials: true,
}));Http-native is open to everyone, but we have strict regulations and licensing fees for large organizations