secure-express-setup/lib/cors.js

Military-grade one-command security setup for Express.js applications

// lib/cors.js
const cors = require('cors');

function setupCors(options) {
  const corsOptions = {
    origin: (origin, callback) => {
      const allowedOrigins = Array.isArray(options.origin) 
        ? options.origin 
        : [options.origin];
      
      if (allowedOrigins.includes('*') || !origin || allowedOrigins.includes(origin)) {
        callback(null, true);
      } else {
        callback(new Error('Not allowed by CORS'));
      }
    },
    credentials: options.credentials !== false,
    methods: options.methods || ['GET', 'POST', 'PUT', 'DELETE', 'PATCH'],
    allowedHeaders: options.allowedHeaders || ['Content-Type', 'Authorization', 'x-api-key'],
    exposedHeaders: options.exposedHeaders || ['Content-Range', 'X-Content-Range'],
    maxAge: options.maxAge || 600,
    optionsSuccessStatus: 204
  };

  return cors(corsOptions);
}

module.exports = setupCors;