2016-01-22 00:24:48 +08:00
|
|
|
'use strict';
|
|
|
|
|
2019-09-27 15:52:51 +08:00
|
|
|
module.exports = function cors(extraHeaders = []) {
|
|
|
|
return function (req, res, next) {
|
|
|
|
const headers = [
|
|
|
|
'X-Requested-With',
|
|
|
|
'X-Prototype-Version',
|
|
|
|
'X-CSRF-Token',
|
|
|
|
'Authorization',
|
|
|
|
...extraHeaders
|
|
|
|
];
|
2016-01-22 00:24:48 +08:00
|
|
|
|
2019-09-27 15:52:51 +08:00
|
|
|
const exposedHeaders = [
|
|
|
|
'Carto-Rate-Limit-Limit',
|
|
|
|
'Carto-Rate-Limit-Remaining',
|
|
|
|
'Carto-Rate-Limit-Reset',
|
|
|
|
'Retry-After'
|
|
|
|
];
|
2016-01-22 00:24:48 +08:00
|
|
|
|
|
|
|
res.header('Access-Control-Allow-Origin', '*');
|
2019-09-27 15:52:51 +08:00
|
|
|
res.header('Access-Control-Allow-Headers', headers.join(', '));
|
|
|
|
res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));
|
2016-01-22 00:24:48 +08:00
|
|
|
|
|
|
|
next();
|
|
|
|
};
|
|
|
|
};
|