Disabling CORS for a specific route is not working

[vimutti77]

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

5.5.0

Plugin version

11.1.0

Node.js version

22.17.1

Operating system

Windows

Operating system version (i.e. 20.04, 11.3, 10)

2024H2

Description

I'm trying to disable CORS for a specific route using the example code, but it's not working as expected.

await app.register(require('@fastify/cors'), {
  origin: 'http://localhost:3000',
})

app.get('/cors-enabled', async (req, reply) => {
  reply.send({ ok: true })
})

app.get('/cors-disabled', {
  cors: false,
}, async (req, reply) => {
  reply.send({ ok: true })
})

Even when I fetch both /cors-enabled and /cors-disabled, I still get the same response header:

access-control-allow-origin: http://localhost:3000

This suggests that the global CORS configuration is being applied to all routes, even those that should have CORS disabled.

Link to code that reproduces the bug

https://github.com/fastify/fastify-cors?tab=readme-ov-file#disabling-cors-for-a-specific-route

Expected Behavior

No response

[vimutti77]

It looks like the current example is outdated. To disable CORS for a specific route in Fastify, you should set config.cors: false inside the route options

app.get('/cors-disabled', {
  config: {
    cors: false,
  }
}, async (req, reply) => {
  reply.send({ ok: true })
})