CORS

Table of Contents

Cross-Origin Resource Sharing(CORS) is a way to allow incoming HTTP requests from different domains. It is very common in AJAX applications where the browser blocks all cross-domain requests if the server does not authorize them. Read more about CORS here.

Setup

Install the middleware provider from npm by executing the following command.

adonis install @adonisjs/cors

Next, register the provider inside start/app.js file.

start/app.js
const providers = [
  '@adonisjs/cors/providers/CorsProvider'
]

The middleware will be registered inside start/kernel.js file.

Server
  .use(['Adonis/Middleware/Cors'])

Config

The configuration for CORS is defined inside config/cors.js file and accepts following options.

origin

The origin(s) to be allowed for making cross domain requests. You can return one of the following values.

  • A boolean true or false to deny the current request origin.

  • A comma separated strings of domains to be allowed.

  • An array of domains to be allowed.

  • A function, which receives current request origin. Here you can compute whether or not the origin is allowed by returning true or false.

    origin: function (currentOrigin) {
      return currentOrigin === 'mywebsite.com'
    }

For all other options, go through the comments inside the config file.