From 0e961e56ee68c6116093fe2fe47231f3e5319e27 Mon Sep 17 00:00:00 2001
From: BigBlueHat
Date: Wed, 10 May 2017 17:10:04 -0400
Subject: [PATCH] Move CORS headers into their own middleware
---
 index.js | 10 ----------
 src/server/cors-headers.js | 13 +++++++++++++
 src/server/index.js | 2 ++
 3 files changed, 15 insertions(+), 10 deletions(-)
 create mode 100644 src/server/cors-headers.js
diff --git a/index.js b/index.js
index 669c99d..fa1a0a3 100644
--- a/index.js
+++ b/index.js
@@ -208,16 +208,6 @@ console.log(config);
 app.use(function(req, res, next) {
 res.header('X-Powered-By', mayktsoURI);
- res.header("Access-Control-Allow-Credentials", "true");
- res.header("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS, POST, PUT");
- if(req.header('Origin')) {
- res.header("Access-Control-Allow-Origin", req.header('Origin'));
- }
- else {
- res.header("Access-Control-Allow-Origin", "*");
- }
- res.header("Access-Control-Allow-Headers", "Content-Length, Content-Type, If-None-Match, Link, Location, Origin, Slug, X-Requested-With");
- res.header("Access-Control-Expose-Headers", "Accept-Post, Access-Control-Allow-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin, Allow, Content-Length, Content-Type, ETag, Last-Modified, Link, Location, Updates-Via, Vary");
 return next();
 });
diff --git a/src/server/cors-headers.js b/src/server/cors-headers.js
new file mode 100644
index 0000000..98f7d57
--- /dev/null
+++ b/src/server/cors-headers.js
@@ -0,0 +1,13 @@
+module.exports = function(req, res, next) {
+ res.header("Access-Control-Allow-Credentials", "true");
+ res.header("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS, POST, PUT");
+ if(req.header('Origin')) {
+ res.header("Access-Control-Allow-Origin", req.header('Origin'));
+ }
+ else {
+ res.header("Access-Control-Allow-Origin", "*");
+ }
+ res.header("Access-Control-Allow-Headers", "Content-Length, Content-Type, If-None-Match, Link, Location, Origin, Slug, X-Requested-With");
+ res.header("Access-Control-Expose-Headers", "Accept-Post, Access-Control-Allow-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin, Allow, Content-Length, Content-Type, ETag, Last-Modified, Link, Location, Updates-Via, Vary");
+ return next();
+};
diff --git a/src/server/index.js b/src/server/index.js
index 3713dfd..72a163e 100644
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -9,6 +9,8 @@ exports.createServer = function(config){
 var app = express();
 // app.use(compress());
+ app.use(require('./cors-headers.js'));
+
 if (config.sslKey && config.sslCert) {
 var options = {
 key: fs.readFileSync(config.sslKey),
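Review bot: In `src/server/cors-headers.js` the `Origin` request header is copied straight into `Access-Control-Allow-Origin` while `Access-Control-Allow-Credentials: true` is always sent, so every origin is treated as trusted for credentialed cross-origin reads; the code was moved as-is, and this is a good point to gate the echo on a list of trusted origins. Because the header value depends on the request, the response should also carry `Vary: Origin` so a shared cache does not replay one origin's header to another. The `else` branch pairs `*` with `Allow-Credentials: true`, which browsers refuse for credentialed requests, so the credentials header is better sent only next to an explicit, allowed origin. The sketch below uses a placeholder `allowedOrigins` list; how it would be populated (for example from the `config` object passed to `createServer`) is not visible in this patch.

```javascript
// placeholder: trusted origins, to be supplied from the server's configuration
var allowedOrigins = [];

module.exports = function(req, res, next) {
  var origin = req.header('Origin');
  // the CORS answer differs per requesting origin, so caches must key on it
  res.vary("Origin");
  if (origin && allowedOrigins.indexOf(origin) !== -1) {
    res.header("Access-Control-Allow-Origin", origin);
    res.header("Access-Control-Allow-Credentials", "true");
  }
  else if (!origin) {
    res.header("Access-Control-Allow-Origin", "*");
  }
  // … unchanged: Allow-Methods, Allow-Headers, Expose-Headers, return next() …
};
```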