You are viewing the legacy version of AdonisJS. Visit for newer docs. This version will receive security patches until the end of 2021.



Cross-Origin Resource Sharing (CORS) is a way to allow incoming HTTP requests from different domains.

It is very common in AJAX applications where the browser blocks all cross-domain requests if the server does not authorize them.

Read more about CORS here.


Install the middleware provider via npm by executing the following command:

> adonis install @adonisjs/cors

Next, register the provider inside the start/app.js file:

const providers = [

Finally, register the middleware inside the start/kernel.js file:



The configuration for CORS is defined inside the config/cors.js file and accepts the following options.


The origin(s) to be allowed for making cross-domain requests.

You can return one of the following values:

  • A boolean: true to allow the current request origin, or false to deny it.

  • A comma-separated string of domains to be allowed.

  • An array of domains to be allowed.

  • A function, which receives the current request origin. Here you can compute whether or not the origin is allowed by returning true or false:

    origin: function (currentOrigin) {
      return currentOrigin === ''
    }
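
The function form of `origin` described above can enforce a strict allowlist. The following is an added example, not code from the AdonisJS documentation; it assumes the callback receives the raw `Origin` header value, and `isAllowedOrigin`, `EXACT_ORIGINS`, `TRUSTED_PARENT` and the `example.com` hosts are hypothetical, constructed names.

```javascript
'use strict'

// Constructed sample values; replace with your own front-end origins.
const EXACT_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com:8443'
])
// Parent domain whose HTTPS subdomains are also trusted (hypothetical).
const TRUSTED_PARENT = 'example.com'

function isAllowedOrigin (currentOrigin) {
  // Missing header or the opaque "null" origin: never allow.
  if (typeof currentOrigin !== 'string' || currentOrigin === 'null') return false

  let url
  try {
    url = new URL(currentOrigin)
  } catch (err) {
    return false // not a parseable origin
  }

  // A genuine Origin value is exactly scheme://host[:port]. Anything that
  // does not round-trip (path, credentials, odd casing) is rejected.
  if (url.origin !== currentOrigin) return false

  if (EXACT_ORIGINS.has(url.origin)) return true

  // Subdomain rule: HTTPS on the default port only, and the hostname must end
  // with ".example.com" (leading dot), so "evilexample.com" does not match.
  return url.protocol === 'https:' &&
    url.port === '' &&
    url.hostname.endsWith('.' + TRUSTED_PARENT)
}

// Shape of the option as it would appear in config/cors.js.
const corsConfig = { origin: isAllowedOrigin }
```

Comparing parsed origins rather than using substring or suffix checks on the raw string is what keeps look-alike hosts out of the allowlist.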

For all other options, please inspect the comments inside the config file.