/Knowledge/sources/honojs__hono/llms-full/cors-middleware-usage--f0c6ae594bc5.md
CORS Middleware: Usage - hono-docs
CORS Middleware: Usage Source evidence: /Sources/honojs hono/provenance.md Canonical citation: https://hono.dev/llms full.txt usage Summary ts const app = ne...
CORS Middleware: Usage
Source evidence: /Sources/honojs__hono/provenance.md Canonical citation: https://hono.dev/llms-full.txt#usage
Summary
## Content
```ts
const app = new Hono()
// CORS should be called before the route
app.use('/api/*', cors())
app.use(
'/api2/*',
cors({
origin: 'http://example.com',
allowHeaders: ['X-Custom-Header', 'Upgrade-Insecure-Requests'],
allowMethods: ['POST', 'GET', 'OPTIONS'],
exposeHeaders: ['Content-Length', 'X-Kuma-Revision'],
maxAge: 600,
credentials: true,
})
)
app.all('/api/abc', (c) => {
return c.json({ success: true })
})
app.all('/api2/abc', (c) => {
return c.json({ success: true })
})
Multiple origins:
app.use(
'/api3/*',
cors({
origin: ['https://example.com', 'https://example.org'],
})
)
// Or you can use "function"
app.use(
'/api4/*',
cors({
// `c` is a `Context` object
origin: (origin, c) => {
return origin.endsWith('.example.com')
? origin
: 'http://example.com'
},
})
)
Metadata
{
"chunk_index": 0,
"citation": "https://hono.dev/llms-full.txt#usage",
"coverage_role": "overview",
"qualified_title": "Hono / llms-full / CORS Middleware > Usage (1)",
"retrieved_at": "2026-07-02T05:51:01Z",
"section_index": 187,
"source_id": "/honojs/hono",
"source_type": "llms_full",
"target_label": "llms-full",
"title": "CORS Middleware: Usage",
"upstream_url": "https://hono.dev/llms-full.txt",
"version": "2026"
}