Security Middleware
CORS Configuration
Secure cross-origin requests made simple. Enable CORS with one line, configure origins, and protect your API automatically.
Overview
Without CORS, browsers block cross-origin requests. With CORS, you control which origins can access your API securely. Traditional CORS setup requires manual header management and preflight handling. We handle that automatically.
Enable CORS with one line
typescript
Without CORS
- Browsers block cross-origin requests
- Manual header management
- Complex preflight handling
- Security configuration errors
With MoroJS
- One-line CORS enablement
- Automatic preflight handling
- Secure defaults
- Flexible configuration
Configure allowed origins
typescript
Secure
Control which origins can access your API. Secure by default.
Automatic
Preflight requests handled automatically. No manual header management.
Flexible
Configure per-route or globally. Environment-specific settings.
How It Works
MoroJS automatically handles CORS preflight requests, validates origins against your allowed list, and sets appropriate headers. When CORS is enabled, all routes automatically support cross-origin requests according to your configuration.
Configuration
Simple CORS Configuration
typescript
Configure Allowed Origins
typescript
Environment-Specific Configuration
typescript
Advanced Configuration
For advanced use cases, you can configure dynamic origin validation, per-route CORS settings, and database-driven origin management.
Dynamic Origin Validation
typescript
Route-Specific CORS
typescript