Questions And Answers

More Tutorials

NodeJS with CORS

Enable CORS in express.js

As node.js is often used to build API, proper CORS setting can be a life saver if you want to be able to request the API from different domains.

In the exemple, we'll set it up for the wider configuration (authorize all request types from any domain.

In your server.js after initializing express:

// Create express server
const app = express();
app.use((req, res, next) => {
 res.header('Access-Control-Allow-Origin', '*');
 // authorized headers for preflight requests
 res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
 app.options('*', (req, res) => {
 // allowed XHR methods
 res.header('Access-Control-Allow-Methods', 'GET, PATCH, PUT, POST, DELETE, OPTIONS');

Usually, node is ran behind a proxy on production servers. Therefore the reverse proxy server (such as Apache or Nginx) will be responsible for the CORS config.

To conveniently adapt this scenario, it's possible to only enable node.js CORS when it's in development.

This is easily done by checking NODE_ENV:

const app = express();
if (process.env.NODE_ENV === 'development') {
 // CORS settings


In this page (written and validated by ) you learned about NodeJS with CORS . What's Next? If you are interested in completing NodeJS tutorial, your next topic will be learning about: NodeJS Getting started with Nodes profiling.

Incorrect info or code snippet? We take very seriously the accuracy of the information provided on our website. We also make sure to test all snippets and examples provided for each section. If you find any incorrect information, please send us an email about the issue:

Share On:

Mockstacks was launched to help beginners learn programming languages; the site is optimized with no Ads as, Ads might slow down the performance. We also don't track any personal information; we also don't collect any kind of data unless the user provided us a corrected information. Almost all examples have been tested. Tutorials, references, and examples are constantly reviewed to avoid errors, but we cannot warrant full correctness of all content. By using, you agree to have read and accepted our terms of use, cookies and privacy policy.