How to return dynamic origin?

[bestvow]

String|Function(ctx)} origin Access-Control-Allow-Origin, default is request Origin header
what is Function(ctx) expect return value?
I tried
origin:ctx=>ctx.request.origin
It doesn't work.

[move-zig]

The function should return a string.

I'd also like to get some guidance on this function. What's the best practice? Say I have three domains I want to grant access to, "apple.example.com", "banana.example.com", and "cherry.example.com". I'm thinking something like this:

const app = new Koa();
app.use(cors({
  origin: (ctx) => {
    const validDomains = [ 'apple.example.com', 'banana.example.com', 'cherry.example.com' ];
    if (validDomains.indexOf(ctx.request.header.origin) !== -1) {
      return ctx.request.header.origin;
    }
    return validDomains[0]; // we can't return void, so let's return one of the valid domains
  },
});

Is this a good method? Is there a better way?

[bestvow]

Thank a lot!

[andreyrd]

I believe you have to return the domain that was actually matched.