Générateur de politique CORS

Créer des têtes de configuration CORS

CORS Policy Generator

Configure Cross-Origin Resource Sharing and generate header values plus example Express/Nginx configs.

Allowed Origins (comma-separated)

Allowed Methods

Allowed Headers (comma-separated)

Exposed Headers (comma-separated)

Allow Credentials (cookies / authorization headers)

Max Age (seconds, for preflight cache)

Access-Control-* Headers

Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Max-Age: 86400

Express.js Config

const express = require('express');
const cors = require('cors');
const app = express();

app.use(cors({
  origin: 'https://example.com',
  methods: ['GET', 'POST'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  credentials: false,
  maxAge: 86400
});

Nginx Config

# Nginx CORS configuration
location / {
  add_header 'Access-Control-Allow-Origin' 'https://example.com' always;
  add_header 'Access-Control-Allow-Methods' 'GET, POST' always;
  add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
  
  
  add_header 'Access-Control-Max-Age' '86400' always;

  if ($request_method = 'OPTIONS') {
    return 204;
  }
}

CORS Policy Generator est un outil Web gratuit. Générer des en-têtes de configuration CORS Aucun téléchargement, fonctionne sur n'importe quel appareil, vos données ne quittent jamais votre navigateur.