myex-cli/src/security/cors.js

Opinionated Express.js framework with CLI tools

import cors from 'cors';

/**
 * Configure CORS middleware for Express
 * @param {import('express').Application} app - Express application
 */
export const configureCors = (app) => {
  // Define CORS options
  const corsOptions = {
    origin: (origin, callback) => {
      // Allow requests with no origin (like mobile apps, curl requests)
      if (!origin) return callback(null, true);
      
      // Define allowed origins
      const allowedOrigins = [
        'http://localhost:3000',
        'http://localhost:8080',
        // Add production origins here
      ];
      
      // Check if the origin is allowed
      if (allowedOrigins.indexOf(origin) !== -1 || process.env.NODE_ENV === 'development') {
        callback(null, true);
      } else {
        callback(new Error('CORS policy violation: Not allowed by CORS'));
      }
    },
    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
    allowedHeaders: ['Content-Type', 'Authorization'],
    credentials: true,
    preflightContinue: false,
    optionsSuccessStatus: 204,
  };
  
  // Apply CORS middleware
  app.use(cors(corsOptions));
};