Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- app.options "*", (req, res) ->
- res.header 'Access-Control-Allow-Origin', '*'
- res.header 'Access-Control-Allow-Credentials', true
- # try: 'POST, GET, PUT, DELETE, OPTIONS'
- res.header 'Access-Control-Allow-Methods', 'GET, OPTIONS'
- # try: 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept'
- res.header 'Access-Control-Allow-Headers', 'Content-Type'
- # ...
- app.get "/somethingelse", (req, res) ->
- # ...
- res.header 'Access-Control-Allow-Origin', '*'
- res.header 'Access-Control-Allow-Credentials', true
- res.header 'Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE, OPTIONS'
- res.header 'Access-Control-Allow-Headers', 'Content-Type'
- # ...
- app.get('somethingelse', function(req, res, next) {
- //..set headers etc.
- next();
- });
- //CORS middleware
- var allowCrossDomain = function(req, res, next) {
- res.header('Access-Control-Allow-Origin', config.allowedDomains);
- res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
- res.header('Access-Control-Allow-Headers', 'Content-Type');
- next();
- }
- //...
- app.configure(function() {
- app.use(express.bodyParser());
- app.use(express.cookieParser());
- app.use(express.session({ secret: 'cool beans' }));
- app.use(express.methodOverride());
- app.use(allowCrossDomain);
- app.use(app.router);
- app.use(express.static(__dirname + '/public'));
- });
- app.all('/*', function(req, res, next) {
- res.header("Access-Control-Allow-Origin", "*");
- res.header("Access-Control-Allow-Headers", "X-Requested-With");
- next();
- });
Add Comment
Please, Sign In to add comment
