2016-01-22 00:24:48 +08:00
|
|
|
'use strict';
|
|
|
|
|
2019-12-24 01:19:08 +08:00
|
|
|
module.exports = function cors (extraHeaders = []) {
|
2019-09-27 15:52:51 +08:00
|
|
|
return function (req, res, next) {
|
|
|
|
const headers = [
|
|
|
|
'X-Requested-With',
|
|
|
|
'X-Prototype-Version',
|
|
|
|
'X-CSRF-Token',
|
|
|
|
'Authorization',
|
2020-02-13 18:30:14 +08:00
|
|
|
'Carto-Source-Lib',
|
|
|
|
'Carto-Source-Context',
|
|
|
|
'Carto-Source-Context-Id',
|
2019-09-27 15:52:51 +08:00
|
|
|
...extraHeaders
|
|
|
|
];
|
2016-01-22 00:24:48 +08:00
|
|
|
|
2019-09-27 15:52:51 +08:00
|
|
|
const exposedHeaders = [
|
|
|
|
'Carto-Rate-Limit-Limit',
|
|
|
|
'Carto-Rate-Limit-Remaining',
|
|
|
|
'Carto-Rate-Limit-Reset',
|
|
|
|
'Retry-After'
|
|
|
|
];
|
2016-01-22 00:24:48 +08:00
|
|
|
|
|
|
|
res.header('Access-Control-Allow-Origin', '*');
|
2019-09-27 15:52:51 +08:00
|
|
|
res.header('Access-Control-Allow-Headers', headers.join(', '));
|
|
|
|
res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));
|
2016-01-22 00:24:48 +08:00
|
|
|
|
2019-10-01 18:52:54 +08:00
|
|
|
if (req.method === 'OPTIONS') {
|
|
|
|
return res.send();
|
|
|
|
}
|
|
|
|
|
2016-01-22 00:24:48 +08:00
|
|
|
next();
|
|
|
|
};
|
|
|
|
};
|