CORS Middleware: Unlocking Cross-Origin Requests in Express
The `cors` middleware tells browsers which external websites can read your Express API's responses. Use it when a frontend on one domain needs to fetch data from your API on another.
The `cors` middleware is a gatekeeper for your Express API, telling browsers which websites can read its responses by adding `Access-Control-Allow-Origin` headers. It's essential when a frontend on one domain (e.g., `app.com`) needs to fetch data from your API on another (`api.com`). You can enable it for all routes with `app.use(cors())` or configure specific origins. The footgun: thinking it blocks requests. It only adds headers; the browser enforces the block, preventing JavaScript from reading the response.
Read the original → expressjs.com
- #express
- #nodejs
- #cors
- #middleware
- #api
Get five bites like this every day.
Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.