Skip to content

themitigater/cors_plug

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

112 Commits
config
config
 
 
lib
lib
 
 
test
test
 
 
.formatter.exs
.formatter.exs
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mix.exs
mix.exs
 
 
mix.lock
mix.lock
 
 

Repository files navigation

CorsPlug

Build Status Hex.pm Hex.pm

An Elixir Plug to add CORS.

Usage

  1. Add this plug to your mix.exs dependencies:
def deps do
  # ...
  {:cors_plug, "~> 2.0"},
  #...
end

When used together with the awesomeness that's the Phoenix Framework please note that putting the CORSPlug in a pipeline won't work as they are only invoked for matched routes.

I therefore recommend to put it in lib/your_app/endpoint.ex:

defmodule YourApp.Endpoint do
  use Phoenix.Endpoint, otp_app: :your_app

  # ...
  plug CORSPlug

  plug YourApp.Router
end

Alternatively you can add options routes, as suggested by @leighhalliday

scope "/api", PhoenixApp do
  pipe_through :api

  resources "/articles", ArticleController
  options   "/articles", ArticleController, :options
  options   "/articles/:id", ArticleController, :options
end

Configuration

This plug will return the following headers:

On preflight (OPTIONS) requests:

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Max-Age
  • Access-Control-Allow-Headers
  • Access-Control-Allow-Methods

On GET, POST, ... requests:

  • Access-Control-Allow-Origin
  • Access-Control-Expose-Headers
  • Access-Control-Allow-Credentials

You can configure allowed origins using one of the following methods:

Using a list

plug CORSPlug, origin: ["http://example1.com", "http://example2.com"]

Using a regex

plug CORSPlug, origin: ~r/https?.*example\d?\.com$/

Using the config.exs file

config :cors_plug,
  origin: ["http://example.com"],
  max_age: 86400,
  methods: ["GET", "POST"]

Using a function/0 that returns the allowed origin as a string

Caveat: Anonymous functions are not possible as they can't be quoted.

plug CORSPlug, origin: &MyModule.my_fun/0

def my_fun do
  http://example.com
end

send_preflight_response?

There may be times when you would like to retain control over the response sent to OPTIONS requests. If you would like CORSPlug to only set headers, then set the send_preflight_response? option to false.

plug CORSPlug, send_preflight_response?: false

# or in the app config

config :cors_plug,
  send_preflight_response?: false

Please note that options passed to the plug overrides app config but app config overrides default options.

Please find the list of current defaults in cors_plug.ex.

As per the W3C Recommendation the string null is returned when no configured origin matched the request.

License

Copyright 2017 Michael Schaefermeyer

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About

An Elixir Plug to add CORS.

hex.pm/packages/cors_plug

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

20 tags

Packages

No packages published

Languages

  • Elixir 100.0%