{
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
- res.header("Access-Control-Allow-Headers",
+ res.header("Access-Control-Allow-Credentials", true); //for cookies
+ res.header("Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept");
res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
next();