fix CORS support by enabling OPTIONS endpoint

9 years ago · 3408e2caa5
3 changed files with 20 additions and 1 deletions
--- a/app.js
+++ b/app.js
@ -12,6 +12,7 @@ if( peliasConfig.accessLog ){

 app.use( require('./middleware/headers') );
 app.use( require('./middleware/cors') );
+app.use( require('./middleware/options') );
 app.use( require('./middleware/jsonp') );

 /** ----------------------- routes ----------------------- **/
--- a/middleware/cors.js
+++ b/middleware/cors.js
@ -1,7 +1,7 @@

 function middleware(req, res, next){
  res.header('Access-Control-Allow-Origin', '*');
-  res.header('Access-Control-Allow-Methods', 'GET');
+  res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
  res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
  res.header('Access-Control-Allow-Credentials', true);
  next();
--- a/middleware/options.js
+++ b/middleware/options.js
@ -0,0 +1,18 @@
+
+/**
+  this functionality is required by CORS as the browser will send an
+  HTTP OPTIONS request before performing the CORS request.
+
+  if the OPTIONS request returns a non-200 status code then the 
+  transaction will fail.
+**/
+
+function middleware(req, res, next){
+  if( req.method === 'OPTIONS' ){
+    res.send(200);
+  } else {
+    next();
+  }
+}
+
+module.exports = middleware;