WayrApp Backend & Ecosystem Documentation - v1.0.0

    Variable corsOptions Const

    corsOptions: {
        origin: (
            origin: undefined | string,
            callback: (err: null | Error, allow?: boolean) => void,
        ) => void;
        credentials: boolean;
        optionsSuccessStatus: number;
        methods: string[];
        allowedHeaders: string[];
        exposedHeaders: string[];
    } = ...

    CORS (Cross-Origin Resource Sharing) Configuration

    Configures cross-origin request policies for the Express application. This configuration controls which domains can access the API, what HTTP methods are allowed, and which headers can be sent in cross-origin requests. The origin validation function checks incoming requests against a whitelist of allowed domains from environment variables.

    The configuration supports both development and production environments: requests with no Origin header (mobile apps, Postman) are allowed, and every other origin is validated dynamically against the CORS_ORIGIN environment variable. Failed CORS validations are logged for security monitoring purposes.

    CORS configuration object for Express cors middleware

    Type declaration

    • origin: (
          origin: undefined | string,
          callback: (err: null | Error, allow?: boolean) => void,
      ) => void
    • credentials: boolean
    • optionsSuccessStatus: number
    • methods: string[]
    • allowedHeaders: string[]
    • exposedHeaders: string[]
    // Usage in main application setup
    import cors from 'cors';
    import { corsOptions } from '@/shared/middleware/security';

    app.use(cors(corsOptions));

    # Environment variable configuration
    # .env file
    CORS_ORIGIN=http://localhost:3000,https://app.wayrapp.com,https://admin.wayrapp.com

    # Allow all origins in development (not recommended for production)
    # .env file
    CORS_ORIGIN=*
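The origin validation described above, written out as an added example; it is not WayrApp's source code. Only the callback signature and the comma-separated CORS_ORIGIN format come from this page; the names parseAllowedOrigins, makeOriginCheck and decide, the isProduction flag, the startup refusal of `*` and the error text are assumptions.

```typescript
// Added example, not WayrApp's implementation. All names here are hypothetical.
type OriginCallback = (err: Error | null, allow?: boolean) => void;
type OriginCheck = (origin: string | undefined, callback: OriginCallback) => void;

// Split CORS_ORIGIN on commas. Trim whitespace and trailing slashes so entries
// compare equal to the Origin header a browser sends (scheme://host[:port]).
function parseAllowedOrigins(raw: string | undefined): Set<string> {
  const entries = (raw ?? '')
    .split(',')
    .map((entry) => entry.trim().replace(/\/+$/, ''))
    .filter((entry) => entry.length > 0);
  return new Set(entries);
}

function makeOriginCheck(
  raw: string | undefined,
  isProduction: boolean, // assumption: the caller derives this from its own config
  logRejected: (origin: string) => void,
): OriginCheck {
  const allowed = parseAllowedOrigins(raw);
  // When the origin option is a function, the cors package echoes the request's
  // Origin back for every allowed request. If credentials is true, "*" would
  // then give every site credentialed access, so refuse it at startup.
  if (isProduction && allowed.has('*')) {
    throw new Error('CORS_ORIGIN=* is not permitted in production');
  }
  return (origin, callback) => {
    // No Origin header: non-browser clients such as mobile apps or Postman.
    if (origin === undefined) return callback(null, true);
    // Exact string match only. Prefix, suffix or substring tests would accept
    // lookalike hosts that merely contain an allowed name.
    if (allowed.has('*') || allowed.has(origin)) return callback(null, true);
    logRejected(origin); // failed validations are logged for monitoring
    callback(new Error('Not allowed by CORS'));
  };
}

// Runs a check synchronously and reports whether the origin was allowed.
function decide(check: OriginCheck, origin: string | undefined): boolean {
  let result = false;
  check(origin, (err, allow) => { result = err === null && allow === true; });
  return result;
}
```

The function returned by makeOriginCheck has the shape of the origin field in the type declaration above, so it can be passed in the options object given to cors().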