CORS: use wildcard for Access-Control-Expose-Headers and Access-Control-Allow-Headers

This commit is contained in:
Daniel García Aubert 2020-11-05 16:50:31 +01:00
parent 8a630186c8
commit b9834cf453

View File

@ -1,28 +1,10 @@
'use strict';
module.exports = function cors (extraHeaders = []) {
module.exports = function cors () {
return function (req, res, next) {
const headers = [
'X-Requested-With',
'X-Prototype-Version',
'X-CSRF-Token',
'Authorization',
'Carto-Event',
'Carto-Event-Source',
'Carto-Event-Group-Id',
...extraHeaders
];
const exposedHeaders = [
'Carto-Rate-Limit-Limit',
'Carto-Rate-Limit-Remaining',
'Carto-Rate-Limit-Reset',
'Retry-After'
];
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', headers.join(', '));
res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));
res.header('Access-Control-Allow-Headers', '*');
res.header('Access-Control-Expose-Headers', '*');
if (req.method === 'OPTIONS') {
return res.send();