CORS
CORS stands for Cross-Origin Resource Sharing. In a nutshell, as a security measure, browsers do not let a web page access resources outside its own domain unless the server that hosts those resources allows it.
If your API and web apps are deployed to different domains (or subdomains), you'll have to worry about CORS, for example when your web client is deployed to example.com but your ptsq server is at api.example.com. For security reasons, your browser will not allow XHR requests to a domain other than the one currently in the browser's address bar.

export type CORSOptions =
  | {
      origin?: string[] | string;
      methods?: string[];
      allowedHeaders?: string[];
      exposedHeaders?: string[];
      credentials?: boolean;
      maxAge?: number;
    }
  | false;

const { resolver, router, serve } = PtsqServer.init({
  ctx: createContext,
  plugins: [
    useCORS({
      origin: 'http://localhost:4000',
      credentials: true,
      allowedHeaders: ['X-Custom-Header'],
      methods: ['POST'],
      maxAge: 300,
      exposedHeaders: ['Content-Type'],
    }),
  ],
}).create();

cors: {
  origin: 'http://localhost:4000',
  credentials: true,
  allowedHeaders: ['X-Custom-Header'],
  methods: ['POST']
}

This will return the following headers:
Access-Control-Allow-Origin: 'http://localhost:4000'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: X-Custom-Header
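
The following is an added example, not code from ptsq: a standalone model of how an origin allowlist such as the one above maps to response headers, plus a small lint for risky option combinations. The names `CorsOpts`, `toList`, `lintCors`, `corsHeaders` and `pageConfig` are hypothetical, and the `.evil.example` origin in the comments is a constructed test value.

```typescript
// Added example: a standalone model of allowlist-based CORS header selection.
// Not ptsq's implementation; option names mirror the CORSOptions type above.
type CorsOpts = {
  origin?: string[] | string;
  methods?: string[];
  allowedHeaders?: string[];
  credentials?: boolean;
  maxAge?: number;
};

const toList = (o?: string[] | string): string[] =>
  o === undefined ? [] : Array.isArray(o) ? o : [o];

// Configuration problems worth catching in review or CI.
function lintCors(opts: CorsOpts): string[] {
  const origins = toList(opts.origin);
  const issues: string[] = [];
  if (origins.length === 0) issues.push('no origin allowlist configured');
  if (origins.indexOf('*') !== -1 && opts.credentials)
    issues.push("origin '*' with credentials: browsers reject the response");
  for (const o of origins)
    if (o !== '*' && !/^https?:\/\/[^/]+$/.test(o))
      issues.push('origin must be scheme://host[:port] with no path: ' + o);
  return issues;
}

// Headers for one request. Matching is an exact string comparison, so an
// Origin such as 'http://localhost:4000.evil.example' gets no CORS headers
// and the browser refuses to expose the response to the calling page.
function corsHeaders(opts: CorsOpts, requestOrigin: string | null): Record<string, string> {
  const origins = toList(opts.origin);
  const headers: Record<string, string> = {};
  if (requestOrigin === null) return headers;
  const wildcard = origins.indexOf('*') !== -1 && !opts.credentials;
  if (!wildcard && origins.indexOf(requestOrigin) === -1) return headers;
  headers['Access-Control-Allow-Origin'] = wildcard ? '*' : requestOrigin;
  if (!wildcard) headers['Vary'] = 'Origin'; // response differs per Origin
  if (opts.credentials) headers['Access-Control-Allow-Credentials'] = 'true';
  if (opts.methods) headers['Access-Control-Allow-Methods'] = opts.methods.join(', ');
  if (opts.allowedHeaders) headers['Access-Control-Allow-Headers'] = opts.allowedHeaders.join(', ');
  if (opts.maxAge !== undefined) headers['Access-Control-Max-Age'] = String(opts.maxAge);
  return headers;
}

// The configuration from this page (constructed sample input).
const pageConfig: CorsOpts = {
  origin: 'http://localhost:4000', credentials: true,
  allowedHeaders: ['X-Custom-Header'], methods: ['POST'],
};
console.log(lintCors(pageConfig), corsHeaders(pageConfig, 'http://localhost:4000'));
```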