Type Alias AxonCorsConfig

AxonCorsConfig: {
    allowedHeaders?: string | string[];
    credentials?: boolean;
    exposedHeaders?: string | string[];
    maxAge?: number;
    methods?: string | string[];
    optionsSuccessStatus?: number;
    origin?:
        | boolean
        | string
        | (string | RegExp)[]
        | Function;
    preflightContinue?: boolean;
}

Cors configuration for AxonCore.

Type declaration

  • OptionalallowedHeaders?: string | string[]

    Configures the Access-Control-Allow-Headers CORS header.

    Possible values:

    • String - exprects a comma-delimited 'Content-Type,Authorization'

    • Array - ['Content-Type', 'Authorization']

    If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header.

  • Optionalcredentials?: boolean

    Configures the Access-Control-Allow-Credentials CORS header.

    Set to true to pass the header, otherwise it is omitted.

  • OptionalexposedHeaders?: string | string[]

    Configures the Access-Control-Expose-Headers CORS header.

    Possible values:

    • String - exprects a comma-delimited 'Content-Range,X-Content-Range'

    • Array - ['Content-Range', 'X-Content-Range']

    If not specified, no custom headers are exposed.

  • OptionalmaxAge?: number

    Configures the Access-Control-Max-Age CORS header.

    Set to an integer to pass the header, otherwise it is omitted.

  • Optionalmethods?: string | string[]

    Configures the Access-Control-Allow-Methods CORS header.

    Possible values:

    • String - exprects a comma-delimited 'GET,POST,DELETE'

    • Array - ['GET', 'POST', 'DELETE']

  • OptionaloptionsSuccessStatus?: number

    Provides a status code to use for successful OPTIONS requests, since some legacy browsers (IE11, various SmartTVs) choke on 204.

  • Optionalorigin?:
        | boolean
        | string
        | (string | RegExp)[]
        | Function

    Configures the Access-Control-Allow-Origin CORS header.

    Possible values:

    • Boolean - set origin to true to reflect the request origin, as defined by req.header('Origin'), or set it to false to disable CORS.

    • String - set origin to a specific origin. For example if you set it to "http://example.com" only requests from "http://example.com" will be allowed.

    • RegExp - set origin to a regular expression pattern which will be used to test the request origin. If it's a match, the request origin will be reflected. For example the pattern /example\.com$/ will reflect any request that is coming from an origin ending with "example.com".

    • Array - set origin to an array of valid origins. Each origin can be a String or a RegExp. For example ["http://example1.com", /\.example2\.com$/] will accept any request from "http://example1.com" or from a subdomain of "example2.com".

    • Function - set origin to a function implementing some custom logic. The function takes the request origin as the first parameter and a callback (which expects the signature err [object], allow [bool]) as the second.

  • OptionalpreflightContinue?: boolean

    Pass the CORS preflight response to the next handler.

Settings

Member Visibility