View our GitHub

Please visit sails-docs on GitHub to view documentation on your mobile device.

Edit Page

myApp/config/cors.js

Purpose

This file defines how your Sails app handles CORS and contains settings for configuring it.

Cross-Origin Resource Sharing is like a more modern version of JSONP. It allows your server/API to successfully respond to requests from client-side JavaScript code running on some other domain (e.g. google.com)

Unlike JSONP, it works with POST, PUT, and DELETE requests

For more information on CORS, check out this here hyperlink.

This can be changed on a per-route basis by adding a "cors" object to the route configuration like this

'/get foo': {
  controller: 'foo',
  action: 'bar',
  cors: {
    origin: 'http://foobar.com,https://owlhoot.com' 
  }
 }
/**
 * Cross-Origin Resource Sharing (CORS) Settings
 * (sails.config.cors)
 *
 * CORS is like a more modern version of JSONP-- it allows your server/API
 * to successfully respond to requests from client-side JavaScript code
 * running on some other domain (e.g. google.com)
 * Unlike JSONP, it works with POST, PUT, and DELETE requests
 *
 * For more information on CORS, check out:
 * http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
 *
 * Note that any of these settings (besides 'allRoutes') can be changed on a per-route basis
 * by adding a "cors" object to the route configuration:
 *
 * '/get foo': {
 *   controller: 'foo',
 *   action: 'bar',
 *   cors: {
 *     origin: 'http://foobar.com,https://owlhoot.com'
 *   }
 *  }
 *
 */

module.exports.cors = {

  // Allow CORS on all routes by default?  If not, you must enable CORS on a
  // per-route basis by either adding a "cors" configuration object
  // to the route config, or setting "cors:true" in the route config to
  // use the default settings below.
  allRoutes: false,

  // Which domains which are allowed CORS access?
  // This can be a comma-delimited list of hosts (beginning with http:// or https://)
  // or "*" to allow all domains CORS access.
  origin: '*',

  // Allow cookies to be shared for CORS requests?
  credentials: true,

  // Which methods should be allowed for CORS requests?  This is only used
  // in response to preflight requests (see article linked above for more info)
  methods: 'GET, POST, PUT, DELETE, OPTIONS, HEAD',

  // Which headers should be allowed for CORS requests?  This is only used
  // in response to preflight requests.
  headers: 'content-type'

};

Is something missing?

If you notice something we've missed or could be improved on, please follow this link and submit a pull request to the sails-docs repo. Once we merge it, the changes will be immediately reflected on the website.