CORS
🌐 CORS Extension
CORS (Cross-Origin Resource Sharing) is a security feature implemented by browsers to restrict how web pages can make requests to a different domain. Zuno includes a built-in CORS extension to help you configure access rules for your API.
⚙️ Enabling CORS
To enable CORS with default settings (allow all origins), use:

```js
app.use(cors());
```

This will:
- Allow all origins (`*`)
- Accept common HTTP methods (`GET`, `POST`, etc.)
- Enable basic headers
⚠️ This is fine for development, but not recommended for production.
🛠️ Custom Configuration
You can customize the behavior by passing an options object:

```js
app.use(cors({
  origin: "https://example.com",
  methods: "GET,POST",
  headers: "Content-Type,Authorization",
}));
```

Available options:

| Option | Type | Description |
|---|---|---|
| `origin` | string | Allowed origin (e.g. "https://example.com") |
| `methods` | string | Allowed HTTP methods (comma-separated) |
| `headers` | string | Allowed request headers |
| `credentials` | bool | Whether to allow cookies and credentials |
🧪 Example: Restrict to Trusted Frontend
```js
app.use(cors({
  origin: "https://frontend.myapp.com",
  methods: "GET,POST",
  credentials: true,
}));
```

This configuration lets only pages served from your frontend origin read API responses in the browser, and supports cookies or tokens.
🔍 Preflight Requests
Zuno automatically handles `OPTIONS` preflight requests when CORS is enabled. You don’t need to define them manually.
🧭 Best Practices
- Always restrict `origin` in production
- Enable `credentials` only when needed
- Avoid using `*` with `credentials: true` (not allowed by browsers)
- Use HTTPS to prevent mixed-content issues
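
The preflight and best-practice rules above, sketched as an added example (not Zuno's code and not part of the original docs): the response headers a CORS layer would emit for one request. `corsHeaders` and the request shape are hypothetical; the option names follow the table above.

```javascript
// Added example: hypothetical helper, not Zuno's implementation.
function corsHeaders(config, req) {
  const { origin, methods = "GET,POST", headers = "Content-Type", credentials = false } = config;
  // Browsers reject a wildcard origin on credentialed requests, so fail at startup.
  if (origin === "*" && credentials) {
    throw new Error('origin "*" cannot be combined with credentials: true');
  }
  const reqOrigin = req.headers["origin"];
  if (!reqOrigin) return {}; // same-origin or non-browser request: nothing to add
  // Exact string match only; prefix or substring checks let look-alike origins through.
  if (origin !== "*" && reqOrigin !== origin) return {};

  const out = { "Access-Control-Allow-Origin": origin };
  if (origin !== "*") out["Vary"] = "Origin"; // response depends on Origin, so caches must key on it
  if (credentials) out["Access-Control-Allow-Credentials"] = "true";

  // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
  if (req.method === "OPTIONS" && req.headers["access-control-request-method"]) {
    out["Access-Control-Allow-Methods"] = methods;
    out["Access-Control-Allow-Headers"] = headers;
  }
  return out;
}

// Constructed sample input (header names lower-cased, as Node.js delivers them).
const config = { origin: "https://frontend.myapp.com", methods: "GET,POST", credentials: true };
const preflight = {
  method: "OPTIONS",
  headers: { origin: "https://frontend.myapp.com", "access-control-request-method": "POST" },
};
const lookalike = {
  method: "GET",
  headers: { origin: "https://frontend.myapp.com.lookalike.example" },
};

console.log(corsHeaders(config, preflight)); // allow-origin, credentials, methods, headers
console.log(corsHeaders(config, lookalike)); // {}
```

An empty result means no CORS headers are sent, so the browser refuses to expose the response to the calling page.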
🧭 Next Steps
Explore more extensions:
Zuno’s CORS extension gives you fine-grained control over who can access your API—securely and effortlessly.