CORS Header Builder

Generate CORS configuration snippets for Express.js, Next.js, nginx, and raw HTTP headers.

Configuration

Allowed Origins

Allow any origin (*)

Allowed Headers

Comma-separated

Expose Headers

Comma-separated. Headers the browser can access from the response.

Allow Credentials

Max Age (seconds)

How long preflight results can be cached. Default: 86400 (24 hours).

Output

const cors = require("cors");

app.use(cors({
  origin: "*",
  methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
  allowedHeaders: ["Content-Type", "Authorization"],
  maxAge: 86400
}));