CodingSaves ~30 minutes

Audit and fix CORS configuration

Fix CORS configuration correctly without opening security holes or breaking legitimate requests.

The prompt

You are a web security engineer. Review and fix the CORS (Cross-Origin Resource Sharing) configuration for the following [FRAMEWORK] API. Explain: what CORS is and why browsers enforce it, the difference between simple requests and preflighted requests, what each CORS header does (Access-Control-Allow-Origin, Methods, Headers, Credentials, Max-Age), why 'Access-Control-Allow-Origin: *' is dangerous with credentials, how to implement an allowlist of trusted origins, how to handle OPTIONS preflight requests efficiently, how to set CORS differently for different routes (public API vs admin endpoints), and provide the complete corrected middleware configuration.

Current CORS config: [PASTE CURRENT CONFIG OR DESCRIBE]
Framework: [FRAMEWORK]
Allowed origins: [LIST YOUR FRONTEND DOMAINS]
Routes requiring credentials: [LIST AUTH ROUTES]

Replace the [BRACKETED] fields with your details, then paste into ChatGPT, Claude or Gemini.

Want AI to fill this in for you?

Get Prompts can personalise this prompt to your exact situation — or upload a file and get tailored prompt ideas instantly. 3 free edits, no sign-up.

Try it free →

More coding prompts