This repository was archived by the owner on Apr 26, 2019. It is now read-only.
File tree Expand file tree Collapse file tree 1 file changed +30
-0
lines changed Expand file tree Collapse file tree 1 file changed +30
-0
lines changed Original file line number Diff line number Diff line change 1+ module . exports = addCorsHeaders
2+
3+ function addCorsHeaders ( request , reply ) {
4+ if ( ! request . headers . origin ) {
5+ return reply . continue ( )
6+ }
7+
8+ // depending on whether we have a boom or not,
9+ // headers need to be set differently.
10+ var response = request . response . isBoom ? request . response . output : request . response
11+
12+ response . headers [ 'access-control-allow-origin' ] = request . headers . origin
13+ response . headers [ 'access-control-allow-credentials' ] = 'true'
14+ if ( request . method !== 'options' ) {
15+ return reply . continue ( )
16+ }
17+
18+ response . statusCode = 200
19+ response . headers [ 'access-control-expose-headers' ] = 'content-type, content-length, etag'
20+ response . headers [ 'access-control-max-age' ] = 60 * 10 // 10 minutes
21+ // dynamically set allowed headers & method
22+ if ( request . headers [ 'access-control-request-headers' ] ) {
23+ response . headers [ 'access-control-allow-headers' ] = request . headers [ 'access-control-request-headers' ]
24+ }
25+ if ( request . headers [ 'access-control-request-method' ] ) {
26+ response . headers [ 'access-control-allow-methods' ] = request . headers [ 'access-control-request-method' ]
27+ }
28+
29+ reply . continue ( )
30+ }
You can’t perform that action at this time.
0 commit comments