docs: simplify code examples with header comments (#386)

jonchurch · web-flow · commit bbf62a5438a4 · 2026-01-13T13:59:10.000+01:00
diff --git a/README.md b/README.md
@@ -38,14 +38,15 @@ var express = require('express')
 var cors = require('cors')
 var app = express()
 
+// Adds headers: Access-Control-Allow-Origin: *
 app.use(cors())
 
 app.get('/products/:id', function (req, res, next) {
-  res.json({msg: 'This is CORS-enabled for all origins!'})
+  res.json({msg: 'Hello'})
 })
 
 app.listen(80, function () {
-  console.log('CORS-enabled web server listening on port 80')
+  console.log('web server listening on port 80')
 })
 ```
 
@@ -56,12 +57,13 @@ var express = require('express')
 var cors = require('cors')
 var app = express()
 
+// Adds headers: Access-Control-Allow-Origin: *
 app.get('/products/:id', cors(), function (req, res, next) {
-  res.json({msg: 'This is CORS-enabled for a Single Route'})
+  res.json({msg: 'Hello'})
 })
 
 app.listen(80, function () {
-  console.log('CORS-enabled web server listening on port 80')
+  console.log('web server listening on port 80')
 })
 ```
 
@@ -79,12 +81,13 @@ var corsOptions = {
   optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
 }
 
+// Adds headers: Access-Control-Allow-Origin: http://example.com, Vary: Origin
 app.get('/products/:id', cors(corsOptions), function (req, res, next) {
-  res.json({msg: 'This is CORS-enabled for only example.com.'})
+  res.json({msg: 'Hello'})
 })
 
 app.listen(80, function () {
-  console.log('CORS-enabled web server listening on port 80')
+  console.log('web server listening on port 80')
 })
 ```
 
@@ -118,12 +121,13 @@ var corsOptions = {
   }
 }
 
+// Adds headers: Access-Control-Allow-Origin: <matched origin>, Vary: Origin
 app.get('/products/:id', cors(corsOptions), function (req, res, next) {
-  res.json({msg: 'This is CORS-enabled for an allowed domain.'})
+  res.json({msg: 'Hello'})
 })
 
 app.listen(80, function () {
-  console.log('CORS-enabled web server listening on port 80')
+  console.log('web server listening on port 80')
 })
 ```
 
@@ -141,13 +145,13 @@ var express = require('express')
 var cors = require('cors')
 var app = express()
 
-app.options('/products/:id', cors()) // enable pre-flight request for DELETE request
+app.options('/products/:id', cors()) // preflight for DELETE
 app.del('/products/:id', cors(), function (req, res, next) {
-  res.json({msg: 'This is CORS-enabled for all origins!'})
+  res.json({msg: 'Hello'})
 })
 
 app.listen(80, function () {
-  console.log('CORS-enabled web server listening on port 80')
+  console.log('web server listening on port 80')
 })
 ```
 
@@ -181,28 +185,30 @@ Here’s an example that handles both public routes and restricted, credential-s
 var dynamicCorsOptions = function(req, callback) {
   var corsOptions;
   if (req.path.startsWith('/auth/connect/')) {
+    // Access-Control-Allow-Origin: http://mydomain.com, Access-Control-Allow-Credentials: true, Vary: Origin
     corsOptions = {
-      origin: 'http://mydomain.com', // Allow only a specific origin
-      credentials: true,            // Enable cookies and credentials
+      origin: 'http://mydomain.com',
+      credentials: true
     };
   } else {
-    corsOptions = { origin: '*' };   // Allow all origins for other routes
+    // Access-Control-Allow-Origin: *
+    corsOptions = { origin: '*' };
   }
   callback(null, corsOptions);
 };
 
 app.use(cors(dynamicCorsOptions));
 
 app.get('/auth/connect/twitter', function (req, res) {
-  res.send('CORS dynamically applied for Twitter authentication.');
+  res.send('Hello');
 });
 
 app.get('/public', function (req, res) {
-  res.send('Public data with open CORS.');
+  res.send('Hello');
 });
 
 app.listen(80, function () {
-  console.log('CORS-enabled web server listening on port 80')
+  console.log('web server listening on port 80')
 })
 ```
 
