CartoDB-SQL-API/app/middlewares/cors.js

'use strict';

module.exports = function cors(extraHeaders = []) {
    return function (req, res, next) {
        const headers = [
            'X-Requested-With',
            'X-Prototype-Version',
            'X-CSRF-Token',
            'Authorization',
            ...extraHeaders
        ];

        const exposedHeaders = [
            'Carto-Rate-Limit-Limit',
            'Carto-Rate-Limit-Remaining',
            'Carto-Rate-Limit-Reset',
            'Retry-After'
        ];

        res.header('Access-Control-Allow-Origin', '*');
        res.header('Access-Control-Allow-Headers', headers.join(', '));
        res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));

        if (req.method === 'OPTIONS') {
            return res.send();
        }

        next();
    };
};
Added cors middleware, decoupled query and job controllers from its dependencies 2016-01-22 00:24:48 +08:00			`'use strict';`

Add Rate limit headers to CORS (#618) 2019-09-27 15:52:51 +08:00			`module.exports = function cors(extraHeaders = []) {`
			`return function (req, res, next) {`
			`const headers = [`
			`'X-Requested-With',`
			`'X-Prototype-Version',`
			`'X-CSRF-Token',`
			`'Authorization',`
			`...extraHeaders`
			`];`
Added cors middleware, decoupled query and job controllers from its dependencies 2016-01-22 00:24:48 +08:00
Add Rate limit headers to CORS (#618) 2019-09-27 15:52:51 +08:00			`const exposedHeaders = [`
			`'Carto-Rate-Limit-Limit',`
			`'Carto-Rate-Limit-Remaining',`
			`'Carto-Rate-Limit-Reset',`
			`'Retry-After'`
			`];`
Added cors middleware, decoupled query and job controllers from its dependencies 2016-01-22 00:24:48 +08:00
			`res.header('Access-Control-Allow-Origin', '*');`
Add Rate limit headers to CORS (#618) 2019-09-27 15:52:51 +08:00			`res.header('Access-Control-Allow-Headers', headers.join(', '));`
			`res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));`
Added cors middleware, decoupled query and job controllers from its dependencies 2016-01-22 00:24:48 +08:00
Remove generic controller, its functionallity fits better in cors middleware 2019-10-01 18:52:54 +08:00			`if (req.method === 'OPTIONS') {`
			`return res.send();`
			`}`

Added cors middleware, decoupled query and job controllers from its dependencies 2016-01-22 00:24:48 +08:00			`next();`
			`};`
			`};`