X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fapp.js;h=f97d925baebc5143795e830551a888a8af3761d0;hb=cf742aaf8995ca8be8fc1f2751e4cf28de5d69b6;hp=aa8cade0cb85bb13cb1fb1ba85dc2003f9bdaa14;hpb=625022fdcf750f0aff8fcd699f7e9b89730e1d10;p=vchess.git

diff --git a/server/app.js b/server/app.js
index aa8cade0..f97d925b 100644
--- a/server/app.js
+++ b/server/app.js
@@ -4,10 +4,11 @@ var path = require('path');
 var cookieParser = require('cookie-parser');
 var logger = require('morgan');
 var favicon = require('serve-favicon');
+var params = require('./config/parameters');
 
 var app = express();
 
-app.use(favicon(path.join(__dirname, "favicon", "favicon.ico")));
+app.use(favicon(path.join(__dirname, "static", "favicon.ico")));
 
 if (app.get('env') === 'development')
 {
@@ -27,16 +28,18 @@ else
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
 app.use(cookieParser());
-app.use(express.static(path.join(__dirname, 'serve'))); //client "prod" files
+app.use(express.static(path.join(__dirname, 'static'))); //client "prod" files
 
 // In development stage the client side has its own server
-if (app.get('env') === 'development')
+if (params.cors.enable)
 {
 	app.use(function(req, res, next) {
-		res.header("Access-Control-Allow-Origin", "*");
-		res.header("Access-Control-Allow-Headers",
-			"Origin, X-Requested-With, Content-Type, Accept");
-		next();
+		res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
+		res.header("Access-Control-Allow-Credentials", true); //for cookies
+    res.header("Access-Control-Allow-Headers",
+      "Origin, X-Requested-With, Content-Type, Accept");
+	  res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
+    next();
 	});
 }