Open paganellif opened 4 months ago
Wholesale disabling of CORS may have its uses, but I think it would be a lot more useful if consumers of this package were able to set the "allow origins" (for example) as a wildcard asterisk * typically gets rejected by HTTP clients with "credentials" (for example).
I agree with you, but I think both are a useful feature. CORS could perhaps be handled better using the CORS package as indicated in the express documentation. If you agree I can refactor it with these changes.
With the latest changes, it works behind an API gateway with CORS enabled and allowedOrigins
defined in the serverOptions
. I've also updated the custom route methods (i.e. expressUse
and expressGet
) and the example in the README that shows how to enable CORS in these cases.
This feature allows you to disable CORS via the server options
Closes #34