How to enable CORS — Basic — app-wide
Apply the cors middleware on the Express app so all routes allow cross-origin requests.
Learn: Browsers block cross-origin API calls unless the server sends CORS headers. App-wide CORS is simplest when a single frontend origin talks to your API. Tighten options in production—avoid `origin: '*'` if cookies or credentials matter.
Supplementary examples
Default CORS for all routes
const cors = require("cors");
app.use(cors());Restrict to one frontend origin
app.use(
cors({
origin: process.env.FRONTEND_URL || "http://localhost:3000",
credentials: true,
})
);Course example
const logger = require("./config/logger");
const app = express();
app.use(logger);
app.use(cors());
app.use(express.json());
// Some code omitted for brevity
Additional references & examples
- cors package (npm)
Configuration options for CORS middleware.
- Express.js guide
Routing, middleware order, and request/response lifecycle.