- res.header("Access-Control-Allow-Headers",
- "Origin, X-Requested-With, Content-Type, Accept");
- next();
+ res.header("Access-Control-Allow-Credentials", true); //for cookies
+ res.header("Access-Control-Allow-Headers",
+ "Origin, X-Requested-With, Content-Type, Accept");
+ res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
+ next();