From 8a00e70f9b2ba614581feff57fe1e92ef72836c1 Mon Sep 17 00:00:00 2001 From: Troy Goode Date: Sun, 28 Apr 2013 14:34:42 -0400 Subject: [PATCH] bump to v1 --- CONTRIBUTING.md | 9 +++++++++ README.md | 27 ++++++++++++++++++++++++--- package.json | 2 +- 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3099d5d..308ea77 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -22,6 +22,15 @@ $ npm test $ npm run lint ``` +## Interactive Testing Harness + +[http://node-cors-client.herokuapp.com](http://node-cors-client.herokuapp.com) + +Related git repositories: + +* [https://github.com/TroyGoode/node-cors-server](https://github.com/TroyGoode/node-cors-server) +* [https://github.com/TroyGoode/node-cors-client](https://github.com/TroyGoode/node-cors-client) + ## License [MIT License](http://www.opensource.org/licenses/mit-license.php) diff --git a/README.md b/README.md index 633f706..3d74303 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,6 @@ var express = require('express') , cors = require('cors') , app = express(); -app.options('/products/:id', cors()); // enable preflight request app.get('/products/:id', cors(), function(req, res, next){ res.json({msg: 'This is CORS-enabled for all origins!'}); }); @@ -49,7 +48,6 @@ var corsOptions = { origin: 'http://example.com' }; -app.options('/products/:id', cors(corsOptions)); // enable preflight request app.get('/products/:id', cors(corsOptions), function(req, res, next){ res.json({msg: 'This is CORS-enabled for only example.com.'}); }); @@ -77,7 +75,6 @@ var corsOptionsDelegate = function(req, callback){ callback(null, corsOptions); // callback expects two parameters: error and options }; -app.options('/products/:id', cors(corsOptionsDelegate)); // enable preflight request app.get('/products/:id', cors(corsOptionsDelegate), function(req, res, next){ res.json({msg: 'This is CORS-enabled for a whitelisted domain.'}); }); @@ -87,6 +84,30 @@ app.listen(80, function(){ }); ``` +### Enabling CORS Pre-Flight + +Certain CORS requests are considered 'complex' and require an initial +`OPTIONS` request (called the "pre-flight request"). An example of a +'complex' CORS request is one that uses an HTTP verb other than +GET/HEAD/POST (such as DELETE) or that uses custom headers. To enable +preflighting, you must add a new OPTIONS handler for the route you want +to support: + +```javascript +var express = require('express') + , cors = require('cors') + , app = express(); + +app.options('/products/:id', cors()); // enable preflight request for DELETE request +app.del('/products/:id', cors(), function(req, res, next){ + res.json({msg: 'This is CORS-enabled for all origins!'}); +}); + +app.listen(80, function(){ + console.log('CORS-enabled web server listening on port 80'); +}); +``` + ## Configuration Options * `origin`: Configures the **Access-Control-Allow-Origin** CORS header. Expects a string (ex: "http://example.com"). Set to `true` to reflect the [request origin](http://tools.ietf.org/html/draft-abarth-origin-09), as defined by `req.header('Origin')`. Set to `false` to disable CORS. diff --git a/package.json b/package.json index c7fd9d2..dfad82c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cors" - , "version": "0.1.1" + , "version": "1.0.0" , "author": "Troy Goode (https://github.com/troygoode/)" , "description": "middleware for dynamically or statically enabling CORS in express/connect applications" , "keywords": ["cors", "express", "connect", "middleware"]