module.exports = function cors () { return function corsMiddleware (req, res, next) { const headers = [ 'X-Requested-With', 'X-Prototype-Version', 'X-CSRF-Token' ]; if (req.method === 'OPTIONS') { headers.push('Content-Type'); } res.set("Access-Control-Allow-Origin", "*"); res.set("Access-Control-Allow-Headers", headers.join(', ')); next(); }; };