how to use cors

var allowedOrigins = ['http://localhost:3000', 'http://yourapp.com']; app.use(cors({ origin: function(origin, callback){ // allow requests with no origin // (like mobile apps or curl requests) if(!origin) return callback(null, true); if(allowedOrigins.indexOf(origin) === -1){ var msg = 'The CORS policy for this site does not ' + 'allow access from the specified Origin.'; return callback(new Error(msg), false); } return callback(null, true); } }));

what is CORS

Use CORS to allow cross-origin access. 
CORS is a part of HTTP that lets servers specify any other hosts 
from which a browser should permit loading of content.

How to block cross-origin access
To prevent cross-origin writes, 
	check an unguessable token in the request — known as a Cross-Site Request Forgery (CSRF) token. 
    prevent cross-origin reads of pages that require this token.
To prevent cross-origin reads of a resource, 
	ensure that it is not embeddable.
    prevent embedding because embedding a resource always leaks some information about it.
To prevent cross-origin embeds, 
	ensure that your resource cannot be interpreted
    Browsers may not respect the Content-Type header. 
For example, if you point a <script> tag at an HTML document, the browser will try to parse the HTML as JavaScript. When your resource is not an entry point to your site, you can also use a CSRF token to prevent embedding.

Posted by: Guest on November-19-2020

Code answers related to "how to use cors"

Code answers related to "Javascript"

Javascript Answers by Framework

Browse Popular Code Answers by Language

Answers for "how to use cors"

Code answers related to "how to use cors"

Code answers related to "Javascript"

Javascript Answers by Framework

Browse Popular Code Answers by Language

Popular Programming Languages

Advertisements

Company

Compilers

Help

Connect with us