Express Production Setup - 3 | CORS

-

 Express Production Setup - 3 | CORS 


To enable Cross-Origin Resource Sharing (CORS) in an Express.js application, you can use the cors middleware package. This middleware allows you to control which domains can access your API, what methods are allowed, and what headers can be sent in requests.


index.js


    const express = require('express');
    const cors = require('cors');

    const app = express();

    // CORS options to allow only POST requests
    const corsOptions = {
        origin: 'http://example.com', // Replace with your client's origin
        methods: ['POST', "GET", "PUT", "PATCH", "DELETE"],
        credentials: true // allow cookies
    };

    // Apply CORS middleware with the above options
    app.use(cors(corsOptions));

    // Example route
    app.post('/api', (req, res) => {
        res.json({ message: 'This is a POST request endpoint with CORS enabled!' });
    });

    // Handle other routes or methods (GET, PUT, DELETE, etc.)
    app.use((req, res) => {
        res.status(405).send('Method Not Allowed'); // Send 405 for methods other than POST
    });

    const PORT = process.env.PORT || 3000;
    app.listen(PORT, () => {
        console.log(`Server is running on port ${PORT}`);
    });

Comments

Post a Comment

Popular posts from this blog

Ensuring File Creation in the Current Directory when Converting Python (.py) Script to Executable (.exe).

-
Image
Ensuring File Creation in the Current Directory when Converting Python (.py) Script to Executable (.exe). When you create a file in Python within the current directory, everything works seamlessly. However, if you decide to convert your Python script into a standalone executable (.exe) using tools like PyInstaller, you might encounter a situation where the file is created in a temporary folder, and upon code execution completion, it mysteriously disappears. To overcome this challenge and ensure that your file appears in the current directory, consider using the following code snippet: Explanation: In the above code, we use sys.frozen to check if the script is running in a frozen (compiled into an executable) environment. This is particularly relevant when the script is converted to a standalone executable using tools like PyInstaller. When the script is running as a .py file, myPath is set to the absolute path of the script using os.path.abspath(__file__). When the script is running as...
Read more

Express Production Setup - 4 | HELMET

-
 Helmet helps secure Express apps by setting HTTP response headers. it will remove all header from express app like X-Powered-By : express  we can remove using  express.remove("x-powered-by"); but it's make it easy * also help  XSS attacks index.js      import express from " express ";     import helmet from " helmet ";     const app = express ();     // Use Helmet!     app . use ( helmet ());     app . get (" / ", ( req , res ) => {     res . send (" Hello world! ");     });     app . listen ( 8000 );
Read more

Node Js Private Key And Public Key Encryption and Decryption

-
    const crypto = require (' crypto ');     // Generate RSA key pair for personal decryption     const MyKey = crypto . generateKeyPairSync (' rsa ', {         modulusLength: 2048 ,         publicKeyEncoding: {             type: ' spki ',             format: ' pem '         },         privateKeyEncoding: {             type: ' pkcs8 ',             format: ' pem '         }     });     // Function to encrypt a message using user's public key     function encryptMessage ( message , publicKey ) {         let encryptMsg ;         try {             encryptMsg = crypto . publicEncrypt ( publicKey , Buffer . from ( message )). toString...
Read more