What does cors middleware do?

Question

Was looking at some node js code which created some web API's and came across this:

//CORS Middleware
app.use(function (req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, 
contentType,Content-Type, Accept, Authorization");
next();
});

Have looked around on the internet and can't seem to understand what it does? Can someone please explain the purpose of cors middleware

Middleware is an express term. Is it York question really about CORS? — OneCricketeer, Jun 06 '17 at 00:14
Possible duplicate of [How does Access-Control-Allow-Origin header work?](https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work) — OneCricketeer, Jun 06 '17 at 00:15

score 14 · Answer 1 · answered Jun 06 '17 at 00:02

This link may help.

https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api

CORS allows you to configure the web API's security. It has to do with allowing other domains to make requests against your web API. For example, if you had your web API on one server and your web app on another you could configure CORS in your Web API to allow your web app to make calls to your web API.

What does cors middleware do?

1 Answers1