{"id":17137,"library":"micro-cors","title":"Simple CORS Middleware for Micro","description":"micro-cors is a straightforward middleware designed to enable Cross-Origin Resource Sharing (CORS) for applications built with `micro`, a minimalist asynchronous HTTP microservices framework. The package's current stable version is `0.1.1`, which was last published approximately seven years ago. While `1.0.0-alpha` versions were released around five years ago, indicating a past attempt at a major update, development appears to have stalled in alpha, leaving the `0.x` branch as the de facto stable release. It maintains a slow release cadence, essentially being in a maintenance mode. Its key differentiator is its small footprint and specific integration with the `micro` ecosystem, aiming for minimal configuration to handle CORS headers.","status":"maintenance","version":"0.1.1","language":"javascript","source_language":"en","source_url":"https://github.com/possibilities/micro-cors","tags":["javascript"],"install":[{"cmd":"npm install micro-cors","lang":"bash","label":"npm"},{"cmd":"yarn add micro-cors","lang":"bash","label":"yarn"},{"cmd":"pnpm add micro-cors","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"micro-cors is a middleware specifically designed for the micro framework. It enables CORS functionality for micro-based HTTP services.","package":"micro","optional":false}],"imports":[{"note":"The package primarily uses a default export, which is then typically invoked to create a middleware instance. CommonJS `require` is the most historically documented usage.","wrong":"import { microCors } from 'micro-cors';","symbol":"microCors","correct":"import microCors from 'micro-cors';\nconst cors = microCors();"},{"note":"For CommonJS, `require('micro-cors')` returns a function that should be immediately called (potentially with options) to get the middleware. Not calling it (e.g., `require('micro-cors')`) results in an uninitialized function, and trying to destructure 'cors' is incorrect.","wrong":"const { cors } = require('micro-cors');","symbol":"cors","correct":"const cors = require('micro-cors')();"},{"note":"Configuration options like `allowMethods` and `allowHeaders` are passed as an object to the function returned by the default export. Refer to the GitHub README for a full list of options like `allowMethods`, `allowHeaders`, `allowCredentials`, `exposeHeaders`, `maxAge`, and `origin`.","wrong":"const cors = microCors({ methods: ['GET', 'POST'] });","symbol":"Options","correct":"const cors = microCors({ allowMethods: ['GET', 'POST'] });"}],"quickstart":{"code":"import { send } from 'micro';\nimport microCors from 'micro-cors';\n\nconst cors = microCors({\n  allowMethods: ['GET', 'POST', 'OPTIONS'],\n  allowHeaders: ['X-Requested-With', 'Access-Control-Allow-Origin', 'X-HTTP-Method-Override', 'Content-Type', 'Authorization', 'Accept'],\n  origin: '*'\n});\n\nconst handler = async (req, res) => {\n  if (req.method === 'OPTIONS') {\n    // Handle preflight requests explicitly if needed\n    return send(res, 200, 'ok!');\n  }\n  \n  if (req.method === 'POST') {\n    // Example POST request handling\n    const data = await json(req);\n    return send(res, 200, { message: 'Received POST data', data });\n  }\n\n  // Default GET response\n  return send(res, 200, { message: 'Hello from micro-cors!' });\n};\n\nexport default cors(handler);","lang":"javascript","description":"Demonstrates setting up `micro-cors` with a basic `micro` handler, including options for allowed methods and explicit handling for CORS preflight requests."},"warnings":[{"fix":"Consider using alternative CORS middleware solutions specifically designed for serverless platforms (e.g., AWS Lambda, Vercel Serverless Functions) if deploying to such environments. For containerized `micro` applications, ensure proper container networking and CORS configuration.","message":"The `micro` framework, which `micro-cors` is built upon, explicitly states it is 'not intended for use in serverless environments'. This means `micro-cors` may not be suitable for serverless functions, a common deployment target for `micro` historically.","severity":"breaking","affected_versions":">=0.1.0"},{"fix":"Evaluate the stability and long-term support risks before adopting. For new projects, consider more actively maintained CORS solutions or frameworks that offer built-in CORS handling.","message":"The `0.x` stable branch has not been updated in approximately seven years, and the `1.0.0-alpha` releases from five years ago appear stalled, with open issues indicating they are not fully functional due to dependencies like Babel. This indicates the package is largely unmaintained.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"If `allowCredentials` is `true`, `origin` must be set to a specific domain or a function that dynamically determines the allowed origin based on the request's `Origin` header.","message":"When `allowCredentials` is set to `true`, the `origin` option cannot be set to `'*'`. This is a standard CORS security restriction.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Explicitly check `req.method === 'OPTIONS'` within your `micro` handler and send a 200 OK response with the appropriate CORS headers before proceeding to your main logic. The quickstart example demonstrates this.","message":"Incorrect handling of `OPTIONS` preflight requests can lead to unexpected CORS errors or unnecessary execution of your main handler. Prior to `v1` (which is in alpha), `micro-cors` only sets headers in the response and requires manual handling for preflight requests if you want to avoid triggering your main handler.","severity":"gotcha","affected_versions":"0.1.x"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Ensure `module.exports = cors(handler)` is used and that `cors` is the result of `microCors()` or `microCors(options)`.","cause":"This error can occur if the `micro-cors` middleware is not correctly applied to the `micro` handler, or if the `res` object is not correctly propagated or is somehow lost in the middleware chain. It can also happen if the `micro-cors` function is called without immediately invoking its result (e.g., `require('micro-cors')` instead of `require('micro-cors')()`).","error":"Cannot read property 'setHeader' of undefined"},{"fix":"Install the community-maintained type definitions: `npm install --save-dev @types/micro-cors` or `yarn add -D @types/micro-cors`.","cause":"The `micro-cors` package does not ship with its own TypeScript declaration files.","error":"TypeScript error: Cannot find module 'micro-cors' or its corresponding type declarations."},{"fix":"Verify the `origin` option in `micro-cors` is set to match the client's origin (e.g., `origin: 'http://localhost:3000'`) or `origin: '*'` for public APIs (but be mindful of security implications). For local development, `origin: '*'` is often used. Ensure preflight `OPTIONS` requests are handled correctly and send the necessary `Access-Control-Allow-Origin` header.","cause":"The server-side CORS configuration is either missing the `Access-Control-Allow-Origin` header, or its value does not match the origin of the requesting client. This can happen if the `origin` option in `micro-cors` is too restrictive or not set correctly.","error":"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [URL]. (Reason: CORS header 'Access-Control-Allow-Origin' missing)."}],"ecosystem":"npm","meta_description":null}