jokuja
Reputation: 89
Dynamically allow domains for CORS
I am running node app with list of whitelisted frontend domains under nginx. Allowed domains are defined in .env file.
app.js:
app.use(cors());
cors.js:
const cors = require('cors');
const whitelist = process.env.CORS_DOMAINS.split(',');
module.exports = (enabled = true) =>
(req, res, next) => {
const options = {
origin(origin, callback) {
if (!origin) {
callback(null, true);
return;
}
const originIsWhitelisted = enabled ? whitelist.indexOf(origin) !== -1 : true;
if (originIsWhitelisted) {
console.log('cors runs');
callback(null, originIsWhitelisted);
return;
}
callback({
statusCode: 401,
error: 'Not allowed',
});
},
};
return cors(options)(req, res, next);
};
How can I update whitelisted domains when app is already running? I have list of domains in the database but don't want to look up every time because of performance.
Upvotes: 3
Views: 1591
Answers (1)
Vahid Alimohamadi
Reputation: 5868
You can use express dynamic middleware and use it in runtime with a trigger on database table.
Upvotes: 2
Related Questions
- Allow multiple CORS domain in express js
- How to allow CORS with Node.js (without using Express)
- Express CORS domain whitelist
- How to allow access via CORS to multiple domains within nginx
- Allowing CORS in NodeJS
- Configuring CORS npm package to whitelist some URLs
- how to allow cors for specific domain on express
- Node js allow Access-Control-Allow-Origin for all domain
- CORS issue in node.js failing
- CORS issue with 3 domains - what are the correct settings for CORS in this case?