0
0
NodejsHow-ToBeginner · 3 min read

How to Use CORS in Node.js: Simple Setup Guide

To use cors in Node.js, install the cors package and add it as middleware in your Express app with app.use(cors()). This allows your server to accept requests from different origins safely.
📐

Syntax

The cors middleware is used in an Express app to enable Cross-Origin Resource Sharing. You import it, then use app.use(cors()) to allow all origins by default. You can also pass options to restrict or customize allowed origins and methods.

  • cors(): Enables CORS with default settings (all origins allowed).
  • cors(options): Customize CORS behavior with options like origin, methods, and credentials.
javascript
import express from 'express';
import cors from 'cors';

const app = express();

// Enable CORS for all origins
app.use(cors());

// Or enable CORS with options
// app.use(cors({ origin: 'https://example.com', methods: ['GET', 'POST'] }));
💻

Example

This example shows a simple Express server that uses cors middleware to allow requests from any origin. It responds with a JSON message on the root route.

javascript
import express from 'express';
import cors from 'cors';

const app = express();

app.use(cors()); // Enable CORS for all origins

app.get('/', (req, res) => {
  res.json({ message: 'CORS is enabled!' });
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
Output
Server running on http://localhost:3000
⚠️

Common Pitfalls

Common mistakes when using CORS in Node.js include:

  • Not installing or importing the cors package.
  • Forgetting to use app.use(cors()) before defining routes.
  • Using restrictive options without allowing the needed origins or methods.
  • Not handling preflight OPTIONS requests when using complex requests.

Always place cors middleware before your routes to ensure it works correctly.

javascript
/* Wrong: cors middleware after routes - CORS headers won't be sent */
app.get('/data', (req, res) => {
  res.json({ data: 'info' });
});
app.use(cors());

/* Right: cors middleware before routes */
app.use(cors());
app.get('/data', (req, res) => {
  res.json({ data: 'info' });
});
📊

Quick Reference

OptionDescriptionExample
originDefines allowed origins (string, array, or function)origin: "https://example.com"
methodsAllowed HTTP methodsmethods: ["GET", "POST"]
credentialsAllow cookies and credentialscredentials: true
preflightContinuePass OPTIONS preflight to next handlerfalse (default)
optionsSuccessStatusStatus code for successful OPTIONS204 (default)

Key Takeaways

Install and import the cors package to enable CORS in Node.js.
Use app.use(cors()) before your routes to allow cross-origin requests.
Customize CORS with options to restrict origins and methods as needed.
Remember to handle preflight OPTIONS requests for complex requests.
Common errors include placing cors middleware after routes or missing it entirely.

Related by keyword

How to Use node-fetch in Node.js: Simple GuideHTTP RequestsHow to Use Node Test Runner in Node.js: Simple GuideTestingHow to Create Custom Module in Node.js: Simple GuideModulesHow to Append to File in Node.js: Simple GuideFile SystemHow to Check if File Exists in Node.js: Simple GuideFile System

Up next

How to Use Debugger in Node.js: Simple GuideHow to Use Node Inspect in Node.js for DebuggingHow to Connect to MongoDB in Node.js: Simple GuideHow to Connect to MySQL in Node.js: Simple Guide

More in Security

How to Handle JWT in Node.js: Fixes and Best PracticesHow to Prevent CSRF Attacks in Node.js SecurelyHow to Prevent SQL Injection in Node.js: Safe Database QueriesHow to Prevent XSS in Node.js: Simple and Effective Methods