close
Guide
Config
Plugin
API
Community
Guide
Config
Plugin
API
Community

server.cors

  • Type: boolean | import('cors').CorsOptions
  • Default: false
  • Version: >= 1.1.11

Configure CORS options for the dev server or preview server, based on the cors middleware.

  • true:Enable CORS with default options.
  • false:Disable CORS.
  • object:Enable CORS with the specified options.
TIP

Although cors can be set to true, we recommend setting a specified origin option to prevent untrusted origins from accessing your dev server.

Example

Only enable CORS for the dev server:

const isDev = process.env.NODE_ENV === 'development';

export default {
  server: {
    cors: isDev
      ? {
          // Configures the `Access-Control-Allow-Origin` CORS response header
          origin: 'https://example.com',
        }
      : false,
  },
};

Disable CORS:

export default {
  server: {
    cors: false,
  },
};

Options

The cors option can be an object, which is the same as the cors middleware options.

The default configuration is the equivalent of:

const defaultOptions = {
  origin: '*',
  methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
  preflightContinue: false,
  optionsSuccessStatus: 204,
};

For example, use the origin option to configure the Access-Control-Allow-Origin header:

export default {
  server: {
    cors: {
      origin: 'https://example.com',
    },
  },
};
ON THIS PAGE