Merge pull request #671 from CartoDB/cors-wildcards

CORS, use wildcard
This commit is contained in:
Daniel G. Aubert 2020-11-05 17:29:28 +01:00 committed by GitHub
commit 92e65ac4ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,28 +1,10 @@
'use strict';
module.exports = function cors (extraHeaders = []) {
module.exports = function cors () {
return function (req, res, next) {
const headers = [
'X-Requested-With',
'X-Prototype-Version',
'X-CSRF-Token',
'Authorization',
'Carto-Event',
'Carto-Event-Source',
'Carto-Event-Group-Id',
...extraHeaders
];
const exposedHeaders = [
'Carto-Rate-Limit-Limit',
'Carto-Rate-Limit-Remaining',
'Carto-Rate-Limit-Reset',
'Retry-After'
];
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', headers.join(', '));
res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));
res.header('Access-Control-Allow-Headers', '*');
res.header('Access-Control-Expose-Headers', '*');
if (req.method === 'OPTIONS') {
return res.send();