all files / keystone/lib/middleware/ cors.js

20% Statements 2/10
0% Branches 0/12
50% Functions 1/2
20% Lines 2/10
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36                                                                   
/**
 * Adds CORS headers to the response
 *
 * ####Example:
 *
 *     app.all('/api*', keystone.middleware.cors);
 *
 * @param {app.request} req
 * @param {app.response} res
 * @param {function} next
 * @api public
 */
 
// The exported function returns a closure that retains
// a reference to the keystone instance, so it can be
// passed as middeware to the express app.
 
module.exports = function (keystone) {
	return function cors (req, res, next) {
 
		var origin = keystone.get('cors allow origin');
		if (origin) {
			res.header('Access-Control-Allow-Origin', origin === true ? '*' : origin);
		}
 
		if (keystone.get('cors allow methods') !== false) {
			res.header('Access-Control-Allow-Methods', keystone.get('cors allow methods') || 'GET,PUT,POST,DELETE');
		}
		if (keystone.get('cors allow headers') !== false) {
			res.header('Access-Control-Allow-Headers', keystone.get('cors allow headers') || 'Content-Type, Authorization');
		}
 
		next();
	};
};