-if (app.get('env') === 'development')
-{
- app.use(function(req, res, next) {
- res.header("Access-Control-Allow-Origin", "*");
- res.header("Access-Control-Allow-Headers",
- "Origin, X-Requested-With, Content-Type, Accept");
- next();
- });
+if (params.cors.enable) {
+ app.use(function(req, res, next) {
+ res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
+ res.header("Access-Control-Allow-Credentials", true); //for cookies
+ res.header(
+ "Access-Control-Allow-Headers",
+ "Origin, X-Requested-With, Content-Type, Accept"
+ );
+ res.header(
+ "Access-Control-Allow-Methods",
+ "GET, POST, OPTIONS, PUT, DELETE"
+ );
+ next();
+ });
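Review bot: `Access-Control-Allow-Credentials: true` is now sent with whatever `params.cors.allowedOrigin` holds, and nothing in the new middleware checks that value. The removed code was limited to `env === 'development'`, so a permissive config now applies in production too whenever `params.cors.enable` is set. Browsers reject credentialed responses when the origin is `*`, and the usual workaround of echoing the request's `Origin` header would let any site make cookie-authenticated calls, so I would fail fast at startup with `if (params.cors.allowedOrigin === "*") throw new Error("cors.allowedOrigin must be an explicit origin when credentials are allowed");`. If the setting later becomes a list matched against `req.headers.origin`, also send `Vary: Origin` so caches do not serve one origin's response to another. The closing brace of the enclosing `if` is outside the visible lines, so this is based on the middleware body only.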