X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fapp.js;h=1fc03c598722a2e6f8028798539b6cc2b1fcf0a9;hb=50f1f7c38bae6100b15db1fdb263a1fb97b9266c;hp=b1aee52c6a79ec131dcf253f85fcee0abf1098e8;hpb=98db2082fd31e7a7bc0348e31ce119f39dbc31b3;p=vchess.git

diff --git a/server/app.js b/server/app.js
index b1aee52c..1fc03c59 100644
--- a/server/app.js
+++ b/server/app.js
@@ -4,6 +4,7 @@ var path = require('path');
 var cookieParser = require('cookie-parser');
 var logger = require('morgan');
 var favicon = require('serve-favicon');
+var params = require('./config/parameters');
 
 var app = express();
 
@@ -11,17 +12,17 @@ app.use(favicon(path.join(__dirname, "static", "favicon.ico")));
 
 if (app.get('env') === 'development')
 {
-	// Full logging in development mode
-	app.use(logger('dev'));
+  // Full logging in development mode
+  app.use(logger('dev'));
 }
 else
 {
-	// http://dev.rdybarra.com/2016/06/23/Production-Logging-With-Morgan-In-Express/
-	app.set('trust proxy', true);
-	// In prod, only log error responses (https://github.com/expressjs/morgan)
-	app.use(logger('combined', {
-		skip: function (req, res) { return res.statusCode < 400 }
-	}));
+  // http://dev.rdybarra.com/2016/06/23/Production-Logging-With-Morgan-In-Express/
+  app.set('trust proxy', true);
+  // In prod, only log error responses (https://github.com/expressjs/morgan)
+  app.use(logger('combined', {
+    skip: function (req, res) { return res.statusCode < 400 }
+  }));
 }
 
 app.use(express.json());
@@ -32,12 +33,14 @@ app.use(express.static(path.join(__dirname, 'static'))); //client "prod" files
 // In development stage the client side has its own server
 if (params.cors.enable)
 {
-	app.use(function(req, res, next) {
-		res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
-		res.header("Access-Control-Allow-Headers",
-			"Origin, X-Requested-With, Content-Type, Accept");
-		next();
-	});
+  app.use(function(req, res, next) {
+    res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
+    res.header("Access-Control-Allow-Credentials", true); //for cookies
+    res.header("Access-Control-Allow-Headers",
+      "Origin, X-Requested-With, Content-Type, Accept");
+    res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
+    next();
+  });
 }
 
 // Routing (AJAX-only)
@@ -57,11 +60,11 @@ app.use(function(err, req, res, next) {
   // render the error page
   res.status(err.status || 500);
   res.send(`
-		<!doctype html>
-		<h1>= message</h1>
-		<h2>= error.status</h2>
-		<pre>#{error.stack}</pre>
-	`);
+    <!doctype html>
+    <h1>= message</h1>
+    <h2>= error.status</h2>
+    <pre>#{error.stack}</pre>
+  `);
 });
 
 module.exports = app;