An Elixir Plug to add CORS.
- Add this plug to your `mix.exs` dependencies:

```elixir
def deps do
  [
    # ...
    {:cors_plug, "~> 1.2"}
    # ...
  ]
end
```
When used together with the awesomeness that's the Phoenix Framework, please note that putting CORSPlug in a pipeline won't work, as pipelines are only invoked for matched routes, so an OPTIONS preflight request with no matching route never reaches the plug.
I therefore recommend putting it in `lib/your_app/endpoint.ex`:

```elixir
defmodule YourApp.Endpoint do
  use Phoenix.Endpoint, otp_app: :your_app

  # ...

  # CORSPlug runs for every request, before the router matches a route
  plug CORSPlug
  plug YourApp.Router
end
```
Alternatively, you can add `options` routes, as suggested by @leighhalliday:

```elixir
scope "/api", PhoenixApp do
  pipe_through :api

  resources "/articles", ArticleController
  options "/articles", ArticleController, :options
  options "/articles/:id", ArticleController, :options
end
```
This plug will return the following headers:

On preflight (`OPTIONS`) requests:

- Access-Control-Allow-Origin
- Access-Control-Allow-Credentials
- Access-Control-Max-Age
- Access-Control-Allow-Headers
- Access-Control-Allow-Methods

On `GET`, `POST`, ... requests:

- Access-Control-Allow-Origin
- Access-Control-Expose-Headers
- Access-Control-Allow-Credentials
You can configure allowed origins as follows:

```elixir
plug CORSPlug, origin: ["http://example1.com", "http://example2.com"]
```

Alternatively, you can use a regex:

```elixir
plug CORSPlug, origin: ~r/https?.*example\d?\.com$/
```

Please find the list of current defaults in cors_plug.ex.
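
An added example (not part of the cors_plug project): a stand-alone script that checks which Origin values an origin regex would accept before it is used in `plug CORSPlug, origin: ...`. It assumes the plug applies the regex to the Origin header as an ordinary unanchored match; the `OriginAudit` module, the tightened pattern and the sample origins are constructed for illustration.

```elixir
# Run with: elixir origin_audit.exs
# Assumption: the Origin header is tested with a plain, unanchored regex match.
defmodule OriginAudit do
  # The pattern shown in the README above.
  def loose, do: ~r/https?.*example\d?\.com$/

  # Hypothetical tightened variant: anchored at both ends, "://" required,
  # and only whole dot-separated subdomain labels allowed before the domain.
  def strict, do: ~r{\Ahttps?://([a-z0-9-]+\.)*example\d?\.com\z}

  # Constructed sample Origin values (not taken from any real traffic).
  def samples do
    [
      "http://example1.com",
      "https://api.example2.com",
      # Different registrable domain that merely ends in "example.com".
      "https://notexample.com",
      # Allowed name used as a subdomain prefix of another domain.
      "https://example.com.other.test"
    ]
  end

  # Returns the subset of `origins` that `pattern` would allow.
  def allowed(pattern, origins \\ samples()) do
    Enum.filter(origins, &Regex.match?(pattern, &1))
  end

  # Prints one line per sample with the verdict of each pattern.
  def report do
    for origin <- samples() do
      verdict = "loose=#{Regex.match?(loose(), origin)} strict=#{Regex.match?(strict(), origin)}"
      IO.puts(String.pad_trailing(origin, 36) <> verdict)
    end

    :ok
  end
end

OriginAudit.report()
```

Any origin the loose pattern allows but the strict one rejects is a host that would receive `Access-Control-Allow-Origin` without being one of the intended domains; this matters most when credentials are allowed.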
Copyright 2014 Michael Schaefermeyer
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.