Question 1

How to configure CorsPlug for multiple allowed origins in Elixir?

Accepted Answer

Use the 'origin' option with a list of strings or regex patterns in the plug call or app config. For example, specify ['http://example1.com', 'http://example2.com', ~r/https?.*example\d?\.com$/] to allow specific domains and patterns, ensuring flexible CORS rules.

Question 2

CorsPlug vs using Phoenix's built-in CORS handling?

Accepted Answer

CorsPlug offers more flexible configuration like regex and custom functions, whereas Phoenix might have simpler built-in methods. CorsPlug is better for complex CORS rules but requires careful setup in endpoints, while Phoenix's options might be more integrated for basic needs.

Question 3

Why is my CorsPlug not working in a Phoenix pipeline?

Accepted Answer

This happens because pipelines only invoke plugs for matched routes. The README recommends adding CorsPlug to the endpoint or manually defining OPTIONS routes in scopes, as shown in the usage examples, to ensure it processes all cross-origin requests.

Question 4

How to disable automatic preflight responses in CorsPlug?

Accepted Answer

Set the 'send_preflight_response?' option to false in the plug configuration or app config. This allows you to handle OPTIONS requests manually while CorsPlug still sets the necessary CORS headers, giving you full control over the response.

Question 5

Is CorsPlug compatible with the latest Elixir and OTP versions?

Accepted Answer

The author aims to test against the three most recent versions of Elixir and OTP, but updates are done irregularly. Check the GitHub repository or Hex page for current compatibility, as dependencies might lag behind the latest releases.

Question 6

What are the default headers set by CorsPlug?

Accepted Answer

For preflight (OPTIONS) requests, it sets Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Access-Control-Max-Age, Access-Control-Allow-Headers, and Access-Control-Allow-Methods. For other requests, it sets Access-Control-Allow-Origin, Access-Control-Expose-Headers, and Access-Control-Allow-Credentials, as per the README.

cors_plug

What is cors_plug?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions