For more complex scenarios, like allowing multiple origins, you can use a function for the origin option:
const corsOptions = {
origin: (origin, callback) => {
if (['http://example.com', 'http://another-example.com'].includes(origin)) {
callback(null, true);
} else {
callback(new Error('Not allowed by CORS'));
}
},
methods: 'GET,POST',
allowedHeaders: 'Content-Type,Authorization',
};
app.use(cors(corsOptions));
Leave a Reply