Author -  Sai gowtham

How to allow CORS origins in Express

nodejs2min read

In this tutorial, we will learn what is cors and how to handle the cors (cross-origin resource sharing) requests in Express.

What is CORS?

Cross-origin resource sharing is a mechanism that prevents you from accessing website resources from a different domain or subdomain.

For example, you are sending a http request from the https://machine-23.com to https://car-23.com/parts.json you will get a cors error because both origins are different.

Allowing cors for all origins

To allow the cors for all origins (it means you can make HTTP requests from any origins), you need to use the cors middleware package in express.

Open your terminal and install the cors package by running the following command.

npm install cors

Usage:

const express = require("express");
const cors = require("cors");
const app = express();

app.use(cors());

app.get("/hello", (req, res) => {
  res.send('hello')
});

app.listen(3000, () => console.log(`App is running`));

Allowing cors for a single route

To allow the cors for a single route instead of all routes in your express app, you need to add cors() function to that route handler function.

Example:

const express = require("express");
const cors = require("cors");
const app = express();

app.get("/hello", cors(), (req, res) => {
  res.send('hello')
});

app.listen(3000, () => console.log(`App is running`));

Allowing Multiple origins

If you want to allow multiple origins (or domains) to access your backend API instead of all origins, you need to pass an options object to the cors() function.

Example:

const express = require("express");
const cors = require("cors");
const app = express();

const allowedOrigins = ['http://open-24.com', 'http://close-24.com']const corsOptions = {
  origin: function (origin, callback) {
    if (allowedOrigins.indexOf(origin) !== -1) {
      callback(null, true)
    } else {
      callback(new Error('Not allowed by CORS'))
    }
  }
}

app.use(cors(corsOptions));
app.get("/hello", (req, res) => {
  res.send('hello')
});

app.listen(3000, () => console.log(`App is running`));

Now, we can only access website data from the two origins that we added to the allowedOrigins array and all other origins are blocked.

Similar tutorials

How to solve the npm WARN package.json: No repository fieldHow to fix the node command not found issue in NvmTilde (~) vs Caret (^) in package.json fileHow to fix the 'cp' is not recognized as an internal or external commandHow to fix the alert is not defined error in Node.jstouch is not recognized as an internal or external command

Css Tutorials & Demos

How rotate an image continuously in CSS

In this demo, we are going to learn about how to rotate an image continuously using the css animations.

How to create a Instagram login Page

In this demo, i will show you how to create a instagram login page using html and css.

How to create a pulse animation in CSS

In this demo, i will show you how to create a pulse animation using css.

Creating a snowfall animation using css and JavaScript

In this demo, i will show you how to create a snow fall animation using css and JavaScript.

Top Udemy Courses

JavaScript - The Complete Guide 2023 (Beginner + Advanced)
JavaScript - The Complete Guide 2023 (Beginner + Advanced)
116,648 students enrolled
52 hours of video content
$14.99 FROM UDEMY
React - The Complete Guide (incl Hooks, React Router, Redux)
React - The Complete Guide (incl Hooks, React Router, Redux)
631,582 students enrolled
49 hours of video content
$24.99 FROM UDEMY
Vue - The Complete Guide (w/ Router, Vuex, Composition API)
Vue - The Complete Guide (w/ Router, Vuex, Composition API)
203,937 students enrolled
31.5 hours of video content
$14.99 FROM UDEMY