What is a secure configuration for cors used in an Express.js API without compromising security?

Is it safe to do app.use(cors()) only? I am using the cors package from npm.

Or does anything need to be configured with security in mind?

I am building an Express API that is used for:

  • fetching data through GET requests to API endpoints
  • signup and login functionality
  • sending an API key through headers (will be implemented)

What should be the ideal CORS configuration for this API considering security?

I understand there are a lot of resources on CORS on the internet, but I cannot find anything that specifically talks about configuring CORS without compromising security.
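
For reference, cors() with no options answers every origin with Access-Control-Allow-Origin: *. A stricter policy for the kind of API described above, as an added example that is not part of the original post: the two origins and the X-API-Key header name are assumed placeholders, and credentials stays off on the assumption that auth travels in headers rather than cookies.

```javascript
// Added example, not from the original post.
// Assumptions: the two origins below and the X-API-Key header name are
// placeholders; auth is sent in headers, not cookies.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Exact string match against the allowlist. No substring, suffix or regex
// checks, so "https://app.example.com.other.test" and "null" never match.
function isAllowedOrigin(origin) {
  return typeof origin === 'string' && ALLOWED_ORIGINS.has(origin);
}

const corsOptions = {
  // The cors package calls this with the request's Origin header value.
  // callback(null, true) reflects that origin back (with Vary: Origin);
  // callback(null, false) sends no CORS headers, so browsers block the read.
  origin(origin, callback) {
    callback(null, isAllowedOrigin(origin));
  },
  methods: ['GET', 'POST'],                      // only verbs the API serves
  allowedHeaders: ['Content-Type', 'X-API-Key'], // headers allowed in preflight
  credentials: false, // no Access-Control-Allow-Credentials header
  maxAge: 600,        // cache preflight responses for 10 minutes
};

// Helper for checking the policy without starting a server.
function originDecision(origin) {
  let decision;
  corsOptions.origin(origin, (err, allow) => {
    decision = err ? false : allow;
  });
  return decision;
}

// Wiring (requires express and cors to be installed):
//   app.use(cors(corsOptions));
```

CORS only decides which browser origins may read responses; signup, login and API-key checks still have to authenticate every request on the server.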



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
