X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fapp.js;h=f97d925baebc5143795e830551a888a8af3761d0;hb=a36a09c039d2abaa130c7daddd865009f1456bf7;hp=b1aee52c6a79ec131dcf253f85fcee0abf1098e8;hpb=98db2082fd31e7a7bc0348e31ce119f39dbc31b3;p=vchess.git

diff --git a/server/app.js b/server/app.js
index b1aee52c..f97d925b 100644
--- a/server/app.js
+++ b/server/app.js
@@ -4,6 +4,7 @@ var path = require('path');
 var cookieParser = require('cookie-parser');
 var logger = require('morgan');
 var favicon = require('serve-favicon');
+var params = require('./config/parameters');
 
 var app = express();
 
@@ -34,9 +35,11 @@ if (params.cors.enable)
 {
 	app.use(function(req, res, next) {
 		res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
-		res.header("Access-Control-Allow-Headers",
-			"Origin, X-Requested-With, Content-Type, Accept");
-		next();
+		res.header("Access-Control-Allow-Credentials", true); //for cookies
+    res.header("Access-Control-Allow-Headers",
+      "Origin, X-Requested-With, Content-Type, Accept");
+	  res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
+    next();
 	});
 }