express-cors

0.0.3 verified Sat Apr 25 auth: no javascript abandoned

A lightweight middleware for Express.js (versions 0.x to 3.x) that enables Cross-Origin Resource Sharing (CORS) by adding appropriate HTTP headers. Version 0.0.3 is the latest and final release; the package has been abandoned in favor of the more popular 'cors' package. It allows configuration of allowed origins with flexible patterns (including scheme, subdomain, and port wildcards), as well as custom methods, headers, and max age. No longer maintained and incompatible with Express 4+ due to internal API changes and missing CORS preflight handling for non-simple requests.

Common errors

error cors is not defined ↓

cause Using ES module import (import cors from 'express-cors') with a CommonJS-only package.

fix

Use require('express-cors') instead: const cors = require('express-cors');

error TypeError: app.use() requires a middleware function ↓

cause Passing incorrect configuration object or forgetting to call cors() as a function.

fix

Ensure you pass the options object to cors(): app.use(cors({ ... }))

error Cannot find module 'express-cors' ↓

cause Package not installed or missing in node_modules.

fix

Run: npm install express-cors

Warnings

deprecated express-cors is deprecated and no longer maintained. Use the cors package instead. ↓

fix Replace with 'cors' package: npm uninstall express-cors && npm install cors

breaking express-cors does not support Express 4+; it relies on deprecated Express 3.x internal APIs (e.g., res.setHeader instead of res.set) and may cause errors. ↓

fix Migrate to cors package which supports Express 4+.

gotcha express-cors does not handle non-simple CORS requests (preflight) automatically; the OPTIONS method must be explicitly handled. ↓

fix Add a separate OPTIONS route or use cors package which handles preflight automatically.

gotcha The allowedOrigins option does not support a boolean 'true' to allow any origin; each origin must be explicitly listed. ↓

fix Use '*' as an origin string if needed, but note that this package's pattern matching may behave unexpectedly.

Install

npm install express-cors

yarn add express-cors

pnpm add express-cors

Imports

default
wrong
```
import cors from 'express-cors'
```
correct
```
const cors = require('express-cors')
```
This package is CommonJS-only and does not support ES modules.
cors function
wrong
```
require('express-cors').default
```
correct
```
require('express-cors')
```
Module exports the middleware function directly; there is no default export.

default

wrong

const { cors } = require('express-cors')

correct

const cors = require('express-cors')

No named exports; only the function itself is exported.

Quickstart

Set up Express middleware to allow CORS from example.com and subdomains, with custom methods and headers.

const express = require('express');
const cors = require('express-cors');

const app = express();

app.use(cors({
  allowedOrigins: ['example.com', '*.example.com'],
  methods: ['GET', 'POST'],
  headers: ['Content-Type', 'Authorization'],
  maxAge: 3600
}));

app.get('/', (req, res) => {
  res.send('Hello World!');
});

app.listen(3000, () => console.log('Server running on port 3000'));