CORS
CORS is not configured by default. CORS features can be enabled for matching domains using the corsOrigin property. This can be specified as a string or as a regular expression.
Setup
When creating a service, the optional corsOrigin parameter can be set to configure which domains can be used with CORS. This can be specified as a string, a regular expression, or an array of strings and regular expressions.
    createNodeblocksAuthApp({
      corsOrigin: ['https://www.tanty.com', 'http://localhost:3000'],
    }).startService({
      ...
    });
This is all that is needed for CORS setup. Requests from the domains configured here will be allowed by the CORS policy.
Permissive regular expressions such as /.*/ are a security risk, so it is strongly recommended to allow only specific domains.
When using regular expressions, pay careful attention to ensure that only specific domains match. Incorrect regular expressions may result in allowing domains that are not expected.
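One way to check a regular expression before using it as corsOrigin, as an added example that is not part of the Nodeblocks code base. It assumes strings are compared exactly and regular expressions are applied with RegExp.test(), as the widely used cors middleware does; originAllowed, auditCorsOrigin and the sample origins are hypothetical names and constructed values.

```javascript
// Added example: audit a candidate corsOrigin value against origins that
// must be allowed and origins that must be rejected.
// Assumption: strings are compared exactly and regular expressions are
// applied with RegExp.test(), as the common `cors` middleware does.

function originAllowed(corsOrigin, origin) {
  const rules = Array.isArray(corsOrigin) ? corsOrigin : [corsOrigin];
  return rules.some((rule) =>
    rule instanceof RegExp ? rule.test(origin) : rule === origin
  );
}

// Returns the origins that a candidate corsOrigin value handles incorrectly.
function auditCorsOrigin(corsOrigin, mustAllow, mustDeny) {
  return {
    wronglyDenied: mustAllow.filter((o) => !originAllowed(corsOrigin, o)),
    wronglyAllowed: mustDeny.filter((o) => originAllowed(corsOrigin, o)),
  };
}

// Constructed sample origins; the *.example host is a placeholder.
const mustAllow = ['https://www.tanty.com', 'https://app.tanty.com'];
const mustDeny = [
  'https://www.tanty.com.attacker.example', // allowed domain used as a prefix
  'https://wwwxtanty.com',                  // unescaped "." matches any character
  'https://nottanty.com',                   // no boundary before the domain name
  'http://www.tanty.com',                   // plain HTTP instead of HTTPS
];

const candidates = {
  wildcard: /.*/,                            // the pattern the page warns about
  unanchored: /https:\/\/www.tanty.com/,     // no ^ or $, dots not escaped
  suffixOnly: /tanty\.com$/,                 // anchored at the end only
  anchored: /^https:\/\/([a-z0-9-]+\.)?tanty\.com$/,
};

for (const [name, pattern] of Object.entries(candidates)) {
  console.log(name, JSON.stringify(auditCorsOrigin(pattern, mustAllow, mustDeny)));
}
```

Only the fully anchored pattern with escaped dots passes both lists; keeping such lists next to the service configuration lets the check run whenever the pattern changes.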