Merge pull request #29 from matrix-org/michaelkaye/add_cors_headers

Add middleware and cors headers
matrix-org · Sep 20, 2018 · c4cfb0d · c4cfb0d
2 parents e436e6c + adad3c4
commit c4cfb0d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/package.json b/package.json
@@ -11,6 +11,7 @@
   },
   "dependencies": {
     "express": "^4.16.3",
+    "cors": "^2.8.4",
     "express-validation": "^1.0.2",
     "joi": "^13.3.0",
     "js-yaml": "^3.12.0",

diff --git a/src/middlewares.js b/src/middlewares.js
@@ -17,6 +17,7 @@ limitations under the License.
 **/
 
 const express = require('express');
+const cors = require('cors');
 const consoleMiddleware = require('./console-middleware.js');
 const ClientError = require('./client-error.js');
 const JoiError = require('./joi-error.js');
@@ -31,6 +32,14 @@ async function attachMiddlewares(app, opts) {
     // Add req.console for nicer formatted logs
     app.use(consoleMiddleware);
 
+    const corsOptions = {
+        origin: '*',
+        methods: ['GET', 'PUT', 'POST', 'DELETE', 'OPTIONS'],
+        allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept',
+                         'Authorization']
+    }
+    app.use(cors(corsOptions));
+
     // Add express-provided JSON but give it it's own unique error handling instead
     // of falling back on the generic one - handing these back to the client is OK.
     app.use(express.json(), jsonErrorMiddleware);