CORS middleware for Node.js Express
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Authorization, Accept');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS,TRACE');
res.header('Access-Control-Allow-Credentials', true);
/**
* CORS OPTIONS request, simply return 200
* ---
* Browser will try to see request is possible before actually doing it
* We respond back with 200 so we don't break basic auth
*/
if (req.method == 'OPTIONS') {
res.statusCode = 200;
res.end();
return;
}
next();
};