CORS (Cross-Origin Resource Sharing) middleware for the middy framework

Usage no npm install needed!

<script type="module">
  import middyCors from 'https://cdn.skypack.dev/@middy/cors';


Middy CORS middleware

WARNING: this package has been deprecated. Please use the renamed version @middy/http-cors!

Middy logo

CORS middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda

This middleware sets CORS headers (Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Allow-Credentials), necessary for making cross-origin requests, to the response object.

Sets headers in after and onError phases.


To install this middleware you can use NPM:

npm install --save @middy/cors


  • origin (string) (optional): origin to put in the header (default: "*")
  • headers (string) (optional): value to put in Access-Control-Allow-Headers (default: null)
  • credentials (bool) (optional): if true, sets the Access-Control-Allow-Origin as request header Origin, if present (default false)

Sample usage

const middy = require('middy')
const { cors } = require('middy/middlewares')

const handler = middy((event, context, cb) => {
  cb(null, {})


// when Lambda runs the handler...
handler({}, {}, (_, response) => {

Middy documentation and examples

For more documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.


Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.


Licensed under MIT License. Copyright (c) 2017-2018 Luciano Mammino and the Middy team.

FOSSA Status