{
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
- res.header("Access-Control-Allow-Headers",
- "Origin, X-Requested-With, Content-Type, Accept");
- next();
+ res.header("Access-Control-Allow-Credentials", true); //for cookies
+ res.header("Access-Control-Allow-Headers",
+ "Origin, X-Requested-With, Content-Type, Accept");
+ res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
+ next();
});
}
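Review bot: The added `Access-Control-Allow-Credentials` header on the new side makes the value of `params.cors.allowedOrigin` security-critical, and nothing visible in this hunk validates it. With credentials enabled, browsers refuse a wildcard origin, and any origin that is allowed can read cookie-authenticated responses, so the setting has to be a single trusted origin and must never be echoed from the request's `Origin` header. I would fail fast before `app.use`, e.g. `if (!params.cors.allowedOrigin || params.cors.allowedOrigin === "*") throw new Error("CORS with credentials requires an explicit origin");`, and replace `//for cookies` with a comment stating that constraint. If the configuration ever grows into a list of origins, match the request origin against that allowlist and send `Vary: Origin` so caches do not serve one origin's response to another. The block opened by the `{` on the first line starts outside the hunk, so the loading of `params` and any existing validation are not visible here.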