CORS: Cross-Origin Resource-Sharing enabled using cors

[shishirYadav]

CORS: Cross-Origin Resource-Sharing enabled using cors

[suresh-shetiar]

I think when coming to CORS we always tend to enable CORS for all origins and from security point of view we just rely on server settings, like if we are hosting any server in EC2 instance and running our application using Nginx then we just depend on security groups (firewall) and the Nginx setting to allow the request from which origin.

The problem is there might be a case when two application in running in same server or fronted and back-end running in same server then one having access to make the calls to application will have the access to make API calls to another application resources too.

What we can do is add the concept of white labeling the origin. This will allow the request from only those origins we expect to avoid misuse of the API

For the point of boilerplate its good to have enabled all origins to make request.
The only point I am adding this comment is to have a way to enable CORS in terms of white labeling the origin.

[ssingh3006]

Using Expressjs cors module to implement this.
Check our documentation for more details.