X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fapp.js;h=f97d925baebc5143795e830551a888a8af3761d0;hb=c6788ecf8a595409c7e31febf3d13c97bde2a725;hp=d4aef2864ea71e046c862c3c6dbc978eb244ed95;hpb=b644ef7f0302dcb024e5214600d13883906faed0;p=vchess.git

diff --git a/server/app.js b/server/app.js
index d4aef286..f97d925b 100644
--- a/server/app.js
+++ b/server/app.js
@@ -35,9 +35,11 @@ if (params.cors.enable)
 {
 	app.use(function(req, res, next) {
 		res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
-		res.header("Access-Control-Allow-Headers",
-			"Origin, X-Requested-With, Content-Type, Accept");
-		next();
+		res.header("Access-Control-Allow-Credentials", true); //for cookies
+    res.header("Access-Control-Allow-Headers",
+      "Origin, X-Requested-With, Content-Type, Accept");
+	  res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
+    next();
 	});
 }