Skip to content
/ node-secure-cors Public

CORS for Node.js that does not allow wildcards for Subdomain attacks

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

laynef/node-secure-cors

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits

node_modules

node_modules

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

index.js

index.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

Repository files navigation

Secure CORS

Installation

npm i -S secure-cors

Why Secure CORS

/*
Use secure CORS because it gives errors when you use wild cards for origins.
Allowing any wild cards in your CORS allows you to use your server with any domain under that wildcard.
Be sure to specify the exact urls you need.
*/

const express = require('express');
const cors = require('secure-cors');

const app = express();

app.use(cors({
    origin: 'https://www.example.com' // never '*' or '*.example.com'
}));

app.listen(3000);

About

CORS for Node.js that does not allow wildcards for Subdomain attacks

Topics

cors security subdomains

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages