Add support for more CORS headers

6 years ago · cb00cfc1b7
parent d83cb75f95
commit cb00cfc1b7
2 changed files with 16 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -239,6 +239,10 @@ services:
      # ==== CORS =====
      # CORS: Set Access-Control-Allow-Origin header.
      #- CORS=*
+      # CORS_ALLOW_HEADERS: Set Access-Control-Allow-Headers header.  "Authorization,Content-Type" is required for cross-origin use of the API.
+      #- CORS_ALLOW_HEADERS=Authorization,Content-Type
+      # CORS_EXPOSE_HEADERS: Set Access-Control-Expose-Headers header.  This is not needed for typical CORS situations
+      #- CORS_EXPOSE_HEADERS=*
      #-----------------------------------------------------------------
      # ==== MATOMO INTEGRATION ====
      # Optional: Integration with Matomo https://matomo.org that is installed to your server
--- a/server/cors.js
+++ b/server/cors.js
@ -7,5 +7,17 @@ Meteor.startup(() => {
      return next();
    });
  }
+  if ( process.env.CORS_ALLOW_HEADERS ) {
+    WebApp.rawConnectHandlers.use(function(req, res, next) {
+      res.setHeader('Access-Control-Allow-Headers', process.env.CORS_ALLOW_HEADERS);
+      return next();
+    });
+  }
+  if ( process.env.CORS_EXPOSE_HEADERS ) {
+    WebApp.rawConnectHandlers.use(function(req, res, next) {
+      res.setHeader('Access-Control-Expose-Headers', process.env.CORS_EXPOSE_HEADERS);
+      return next();
+    });
+  }

 });