Middy middleware for adding CORS headers to success response and errors

Usage no npm install needed!

<script type="module">
  import schibstedMiddyCors from 'https://cdn.skypack.dev/@schibsted/middy-cors';


Schibsted Middy CORS middleware

CORS middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda

This middleware sets HTTP CORS headers, necessary for making cross-origin requests, to the response object.

Sets headers in after and onError phases.

This is an alternative to standard Middy cors handler with the following differences:

  • it allows you to add more CORS headers


To install this middleware you can use NPM:

npm install --save @schibsted/middy-cors


  • allowedOrigins (array) - list of allowed origins or ['*'] for allowing all origins
  • exposeHeaders (array) - list of headers to expose
  • maxAge (string) - value passed to access-control-max-age header
  • credentials (bool) - value passed to access-control-allow-credentials header
  • allowMethods (array) - list of allowed HTTP methods
  • allowHeaders (array) - list of allowed HTTP headers

Sample usage

const middy = require('@middy/core');
const cors = require('@schibsted/middy-cors');

const handler = middy(async () => ({
        statusCode: 200,
        body: JSON.stringify({ foo: 'bar' }),

  .use(cors({ allowedOrigins: ['https://www.vg.no', 'https://www.tek.no']}));

// when Lambda runs the handler...
handler({}, {}, (_, response) => {
    statusCode: 200,
    headers: {
        'access-control-allow-origin': 'https://www.vg.no',
    body: JSON.stringify({ foo: 'bar' }),


Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.