CartoDB-SQL-API/lib/api/middlewares/cors.js

34 lines
910 B
JavaScript
Raw Normal View History

'use strict';
2019-12-24 01:19:08 +08:00
module.exports = function cors (extraHeaders = []) {
2019-09-27 15:52:51 +08:00
return function (req, res, next) {
const headers = [
'X-Requested-With',
'X-Prototype-Version',
'X-CSRF-Token',
'Authorization',
'Carto-Source-Lib',
'Carto-Source-Context',
'Carto-Source-Context-Id',
2019-09-27 15:52:51 +08:00
...extraHeaders
];
2019-09-27 15:52:51 +08:00
const exposedHeaders = [
'Carto-Rate-Limit-Limit',
'Carto-Rate-Limit-Remaining',
'Carto-Rate-Limit-Reset',
'Retry-After'
];
res.header('Access-Control-Allow-Origin', '*');
2019-09-27 15:52:51 +08:00
res.header('Access-Control-Allow-Headers', headers.join(', '));
res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));
if (req.method === 'OPTIONS') {
return res.send();
}
next();
};
};