
cors-config-generator skill

/cors-config-generator

This skill generates complete CORS configuration for APIs, delivering valid TypeScript middleware that enforces cross-origin access rules.

npx playbooks add skill ehtbanton/claudeskillsrepo --skill cors-config-generator

SKILL.md
---
name: cors-config-generator
description: Generate CORS configuration files for API cross-origin resource sharing. Triggers on "create cors config", "generate cors configuration", "cors setup", "cross-origin config".
---

# CORS Config Generator

Generate CORS configuration for API cross-origin access control.

## Output Requirements

**File Output:** `cors.ts` or CORS middleware configuration
**Format:** Valid TypeScript/JavaScript
**Standards:** CORS specification

## When Invoked

Immediately generate a complete CORS configuration for the API.

## Example Invocations

**Prompt:** "Create CORS config for production API"
**Output:** Complete CORS middleware with origin validation.

Overview

This skill generates ready-to-use CORS configuration files or middleware for TypeScript/JavaScript APIs. It produces valid CORS middleware (e.g., cors.ts) that implements origin validation, allowed methods, headers, credentials, and preflight handling. The output follows the CORS specification and is suitable for immediate integration into Express, Fastify, or similar servers.

How this skill works

When triggered, it inspects the invocation intent and generates a complete CORS config file or middleware snippet. The output includes origin matching (string, regex, or function), method and header allowlists, credentials policy, max-age, and preflight response settings. The generated TypeScript is self-contained and includes comments for integration points and small helper utilities for dynamic origin checks.

When to use it

  • Setting up cross-origin rules for a production or staging API
  • Locking down origins while allowing specific client apps
  • Quickly scaffolding CORS middleware for Express, Fastify, or custom servers
  • Replacing a permissive wildcard setup with stricter origin validation
  • Adding preflight and credentials handling to an existing server

Best practices

  • Prefer explicit origin lists or regex patterns over a wildcard in production
  • Use a function-based origin validator when origins vary by environment or tenant
  • Limit allowed methods and headers to the minimum needed by clients
  • Set `credentials: true` only when cookies or HTTP auth are required and secure cookies are used
  • Include a sensible Access-Control-Max-Age to reduce preflight overhead
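
The best practices above, as an added example (not code from this skill or its repository): a framework-agnostic TypeScript function that derives CORS response headers from an allowlist policy. The names `CorsPolicy` and `evaluateCors`, the `example.com` origins, and the 403 status for a rejected preflight are assumptions made for illustration.

```typescript
// Added example: framework-agnostic CORS decision logic (all names are hypothetical).
type OriginRule = string | RegExp | ((origin: string) => boolean);

interface CorsPolicy {
  origins: OriginRule[];
  methods: string[];
  allowedHeaders: string[];
  credentials: boolean;
  maxAge: number; // seconds a browser may cache the preflight result
}

// Constructed sample policy; the domains are placeholders.
const policy: CorsPolicy = {
  origins: [
    "https://app.example.com",
    // Anchored at both ends and scheme-pinned, so a lookalike host such as
    // "https://app.example.com.attacker.test" does not match.
    /^https:\/\/[a-z0-9-]+\.example\.com$/,
  ],
  methods: ["GET", "POST"],
  allowedHeaders: ["Content-Type", "Authorization"],
  credentials: true,
  maxAge: 600,
};

function isAllowedOrigin(origin: string, p: CorsPolicy): boolean {
  return p.origins.some((rule) =>
    typeof rule === "string" ? rule === origin
      : rule instanceof RegExp ? rule.test(origin)
      : rule(origin));
}

interface CorsResult { status: number | null; headers: Record<string, string>; }

function evaluateCors(method: string, origin: string | undefined, p: CorsPolicy): CorsResult {
  // Vary on Origin so a shared cache never replays one origin's headers to another.
  const headers: Record<string, string> = { Vary: "Origin" };
  if (origin === undefined || !isAllowedOrigin(origin, p)) {
    // No Access-Control-* headers are sent; 403 on preflight is a choice made here.
    return { status: method === "OPTIONS" ? 403 : null, headers };
  }
  // Echo the validated origin: browsers reject "*" on credentialed requests.
  headers["Access-Control-Allow-Origin"] = origin;
  if (p.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  if (method !== "OPTIONS") return { status: null, headers }; // pass to the route handler
  headers["Access-Control-Allow-Methods"] = p.methods.join(", ");
  headers["Access-Control-Allow-Headers"] = p.allowedHeaders.join(", ");
  headers["Access-Control-Max-Age"] = String(p.maxAge);
  return { status: 204, headers }; // preflight answered with an empty body
}
```

A `null` status means the request is not a preflight and should continue to the normal handler with the returned headers attached.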

Example use cases

  • Create cors.ts for an Express API that accepts requests from specific domains and supports cookies
  • Generate a Fastify CORS plugin config with regex-based origin matching for subdomains
  • Produce a middleware snippet that returns 204 for OPTIONS preflight with proper headers
  • Convert a wildcard CORS policy to a secure allowlist for production deployment
  • Create environment-aware config that uses different origin lists for dev, staging, and prod

FAQ

Will the generated config work with both Express and Fastify?

Yes. The skill can output a framework-agnostic middleware snippet and small adapters or a ready-to-drop-in config for Express or Fastify.

Can it generate dynamic origin checks for multi-tenant apps?

Yes. The output can include a function-based origin validator that checks request origin against tenant data or environment variables.