amirho/expressjs.com
1
0
Fork 0
mirror of https://github.com/expressjs/expressjs.com.git synced 2026-02-21 19:41:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update external docs (#1946)

Browse Source 
update external docs

Co-authored-by: Create or Update Pull Request Action <create-or-update-pull-request@users.noreply.github.com>
Co-authored-by: Sebastian Beltran <bjohansebas@gmail.com>
This commit is contained in:
github-actions[bot]
2025-06-10 21:07:52 -05:00
committed by GitHub
parent 0f3d24cabc
commit 9e68fa2c6c
4 changed files with 80 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
_includes/readmes/cors.md
View File

@@ -16,7 +16,7 @@ CORS is a node.js package for providing a [Connect](http://www.senchalabs.org/co
* [Configuring CORS](#configuring-cors)
* [Configuring CORS w/ Dynamic Origin](#configuring-cors-w-dynamic-origin)
* [Enabling CORS Pre-Flight](#enabling-cors-pre-flight)
* [Configuring CORS Asynchronously](#configuring-cors-asynchronously)
* [Customizing CORS Settings Dynamically per Request](#customizing-cors-settings-dynamically-per-request)
* [Configuration Options](#configuration-options)
* [License](#license)
* [Author](#author)
@@ -69,6 +69,8 @@ app.listen(80, function () {
### Configuring CORS
See the [configuration options](#configuration-options) for details.
```javascript
var express = require('express')
var cors = require('cors')
@@ -161,27 +163,45 @@ NOTE: When using this middleware as an application level middleware (for
example, `app.use(cors())`), pre-flight requests are already handled for all
routes.
### Configuring CORS Asynchronously
### Customizing CORS Settings Dynamically per Request
For APIs that require different CORS configurations for specific routes or requests, you can dynamically generate CORS options based on the incoming request. The `cors` middleware allows you to achieve this by passing a function instead of static options. This function is called for each incoming request and must use the callback pattern to return the appropriate CORS options.
The function accepts:
1. **`req`**:
- The incoming request object.
2. **`callback(error, corsOptions)`**:
- A function used to return the computed CORS options.
- **Arguments**:
- **`error`**: Pass `null` if theres no error, or an error object to indicate a failure.
- **`corsOptions`**: An object specifying the CORS policy for the current request.
Heres an example that handles both public routes and restricted, credential-sensitive routes:
```javascript
var express = require('express')
var cors = require('cors')
var app = express()
var allowlist = ['http://example1.com', 'http://example2.com']
var corsOptionsDelegate = function (req, callback) {
var dynamicCorsOptions = function(req, callback) {
var corsOptions;
if (allowlist.indexOf(req.header('Origin')) !== -1) {
corsOptions = { origin: true } // reflect (enable) the requested origin in the CORS response
if (req.path.startsWith('/auth/connect/')) {
corsOptions = {
origin: 'http://mydomain.com', // Allow only a specific origin
credentials: true, // Enable cookies and credentials
};
} else {
corsOptions = { origin: false } // disable CORS for this request
corsOptions = { origin: '*' }; // Allow all origins for other routes
}
callback(null, corsOptions) // callback expects two parameters: error and options
}
callback(null, corsOptions);
};
app.get('/products/:id', cors(corsOptionsDelegate), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for an allowed domain.'})
})
app.use(cors(dynamicCorsOptions));
app.get('/auth/connect/twitter', function (req, res) {
res.send('CORS dynamically applied for Twitter authentication.');
});
app.get('/public', function (req, res) {
res.send('Public data with open CORS.');
});
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
@@ -192,7 +212,9 @@ app.listen(80, function () {
* `origin`: Configures the **Access-Control-Allow-Origin** CORS header. Possible values:
- `Boolean` - set `origin` to `true` to reflect the [request origin](http://tools.ietf.org/html/draft-abarth-origin-09), as defined by `req.header('Origin')`, or set it to `false` to disable CORS.
- `String` - set `origin` to a specific origin. For example if you set it to `"http://example.com"` only requests from "http://example.com" will be allowed.
- `String` - set `origin` to a specific origin. For example, if you set it to
- `"http://example.com"` only requests from "http://example.com" will be allowed.
- `"*"` for all domains to be allowed.
- `RegExp` - set `origin` to a regular expression pattern which will be used to test the request origin. If it's a match, the request origin will be reflected. For example the pattern `/example\.com$/` will reflect any request that is coming from an origin ending with "example.com".
- `Array` - set `origin` to an array of valid origins. Each origin can be a `String` or a `RegExp`. For example `["http://example1.com", /\.example2\.com$/]` will accept any request from "http://example1.com" or from a subdomain of "example2.com".
- `Function` - set `origin` to a function implementing some custom logic. The function takes the request origin as the first parameter and a callback (called as `callback(err, origin)`, where `origin` is a non-function value of the `origin` option) as the second.

30
_includes/readmes/method-override.md
View File

@@ -67,9 +67,9 @@ typically be used in conjunction with `XMLHttpRequest` on implementations
that do not support the method you are trying to use.
```js
var express = require('express')
var methodOverride = require('method-override')
var app = express()
const express = require('express')
const methodOverride = require('method-override')
const app = express()
// override with the X-HTTP-Method-Override header in the request
app.use(methodOverride('X-HTTP-Method-Override'))
@@ -80,7 +80,7 @@ Example call with header override using `XMLHttpRequest`:
<!-- eslint-env browser -->
```js
var xhr = new XMLHttpRequest()
const xhr = new XMLHttpRequest()
xhr.onload = onload
xhr.open('post', '/resource', true)
xhr.setRequestHeader('X-HTTP-Method-Override', 'DELETE')
@@ -102,9 +102,9 @@ query value would typically be used in conjunction with plain HTML
newer methods.
```js
var express = require('express')
var methodOverride = require('method-override')
var app = express()
const express = require('express')
const methodOverride = require('method-override')
const app = express()
// override with POST having ?_method=DELETE
app.use(methodOverride('_method'))
@@ -121,9 +121,9 @@ Example call with query override using HTML `<form>`:
### multiple format support
```js
var express = require('express')
var methodOverride = require('method-override')
var app = express()
const express = require('express')
const methodOverride = require('method-override')
const app = express()
// override with different headers; last one takes precedence
app.use(methodOverride('X-HTTP-Method')) // Microsoft
@@ -137,10 +137,10 @@ You can implement any kind of custom logic with a function for the `getter`. The
implements the logic for looking in `req.body` that was in `method-override@1`:
```js
var bodyParser = require('body-parser')
var express = require('express')
var methodOverride = require('method-override')
var app = express()
const bodyParser = require('body-parser')
const express = require('express')
const methodOverride = require('method-override')
const app = express()
// NOTE: when using req.body, you must fully parse the request body
// before you call methodOverride() in your middleware stack,
@@ -149,7 +149,7 @@ app.use(bodyParser.urlencoded())
app.use(methodOverride(function (req, res) {
if (req.body && typeof req.body === 'object' && '_method' in req.body) {
// look in urlencoded POST bodies and delete it
var method = req.body._method
const method = req.body._method
delete req.body._method
return method
}

6
_includes/readmes/serve-favicon.md
View File

@@ -3,8 +3,8 @@
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![Linux Build Status][ci-image]][ci-url]
[![Windows Build][appveyor-image]][appveyor-url]
[![Coverage Status][coveralls-image]][coveralls-url]
[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
Node.js middleware for serving a favicon.
@@ -124,8 +124,6 @@ server.listen(3000)
[MIT](LICENSE)
[appveyor-image]: https://img.shields.io/appveyor/ci/dougwilson/serve-favicon/master.svg?label=windows
[appveyor-url]: https://ci.appveyor.com/project/dougwilson/serve-favicon
[ci-image]: https://badgen.net/github/checks/expressjs/serve-favicon/master?label=ci
[ci-url]: https://github.com/expressjs/serve-favicon/actions/workflows/ci.yml
[coveralls-image]: https://img.shields.io/coveralls/expressjs/serve-favicon.svg
@@ -134,3 +132,5 @@ server.listen(3000)
[downloads-url]: https://npmjs.org/package/serve-favicon
[npm-image]: https://img.shields.io/npm/v/serve-favicon.svg
[npm-url]: https://npmjs.org/package/serve-favicon
[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/serve-favicon/badge
[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/serve-favicon