CORS: use wildcard for Access-Control-Expose-Headers and Access-Control-Allow-Headers
This commit is contained in:
parent
8a630186c8
commit
b9834cf453
@ -1,28 +1,10 @@
|
||||
'use strict';
|
||||
|
||||
module.exports = function cors (extraHeaders = []) {
|
||||
module.exports = function cors () {
|
||||
return function (req, res, next) {
|
||||
const headers = [
|
||||
'X-Requested-With',
|
||||
'X-Prototype-Version',
|
||||
'X-CSRF-Token',
|
||||
'Authorization',
|
||||
'Carto-Event',
|
||||
'Carto-Event-Source',
|
||||
'Carto-Event-Group-Id',
|
||||
...extraHeaders
|
||||
];
|
||||
|
||||
const exposedHeaders = [
|
||||
'Carto-Rate-Limit-Limit',
|
||||
'Carto-Rate-Limit-Remaining',
|
||||
'Carto-Rate-Limit-Reset',
|
||||
'Retry-After'
|
||||
];
|
||||
|
||||
res.header('Access-Control-Allow-Origin', '*');
|
||||
res.header('Access-Control-Allow-Headers', headers.join(', '));
|
||||
res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));
|
||||
res.header('Access-Control-Allow-Headers', '*');
|
||||
res.header('Access-Control-Expose-Headers', '*');
|
||||
|
||||
if (req.method === 'OPTIONS') {
|
||||
return res.send();
|
||||
|
Loading…
Reference in New Issue
Block a user