CartoDB-SQL-API/lib/api/middlewares/cors.js

31 lines
802 B
JavaScript

'use strict';
module.exports = function cors(extraHeaders = []) {
return function (req, res, next) {
const headers = [
'X-Requested-With',
'X-Prototype-Version',
'X-CSRF-Token',
'Authorization',
...extraHeaders
];
const exposedHeaders = [
'Carto-Rate-Limit-Limit',
'Carto-Rate-Limit-Remaining',
'Carto-Rate-Limit-Reset',
'Retry-After'
];
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', headers.join(', '));
res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));
if (req.method === 'OPTIONS') {
return res.send();
}
next();
};
};