pbojinov
8/18/2013 - 7:37 PM

CORS middleware for Node.js Express

CORS middleware for Node.js Express

var allowCrossDomain = function(req, res, next) {
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Authorization, Accept');
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS,TRACE');
    res.header('Access-Control-Allow-Credentials', true);

    /**
     * CORS OPTIONS request, simply return 200
     * ---
     * Browser will try to see request is possible before actually doing it
     * We respond back with 200 so we don't break basic auth
     */
    if (req.method == 'OPTIONS') {
        res.statusCode = 200;
        res.end();
        return;
    }

    next();
};