Convert all remaining tabs by 2spaces

[vchess.git] / server / app.js

diff --git a/server/app.js b/server/app.js
index b1aee52..1fc03c5 100644 (file)
--- a/server/app.js
+++ b/server/app.js
@@ -4,6 +4,7 @@ var path = require('path');
 var cookieParser = require('cookie-parser');
 var logger = require('morgan');
 var favicon = require('serve-favicon');
+var params = require('./config/parameters');
 
 var app = express();
 
@@ -11,17 +12,17 @@ app.use(favicon(path.join(__dirname, "static", "favicon.ico")));
 
 if (app.get('env') === 'development')
 {
-       // Full logging in development mode
-       app.use(logger('dev'));
+  // Full logging in development mode
+  app.use(logger('dev'));
 }
 else
 {
-       // http://dev.rdybarra.com/2016/06/23/Production-Logging-With-Morgan-In-Express/
-       app.set('trust proxy', true);
-       // In prod, only log error responses (https://github.com/expressjs/morgan)
-       app.use(logger('combined', {
-               skip: function (req, res) { return res.statusCode < 400 }
-       }));
+  // http://dev.rdybarra.com/2016/06/23/Production-Logging-With-Morgan-In-Express/
+  app.set('trust proxy', true);
+  // In prod, only log error responses (https://github.com/expressjs/morgan)
+  app.use(logger('combined', {
+    skip: function (req, res) { return res.statusCode < 400 }
+  }));
 }
 
 app.use(express.json());
@@ -32,12 +33,14 @@ app.use(express.static(path.join(__dirname, 'static'))); //client "prod" files
 // In development stage the client side has its own server
 if (params.cors.enable)
 {
-       app.use(function(req, res, next) {
-               res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
-               res.header("Access-Control-Allow-Headers",
-                       "Origin, X-Requested-With, Content-Type, Accept");
-               next();
-       });
+  app.use(function(req, res, next) {
+    res.header("Access-Control-Allow-Origin", params.cors.allowedOrigin);
+    res.header("Access-Control-Allow-Credentials", true); //for cookies
+    res.header("Access-Control-Allow-Headers",
+      "Origin, X-Requested-With, Content-Type, Accept");
+    res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
+    next();
+  });
 }
 
 // Routing (AJAX-only)
@@ -57,11 +60,11 @@ app.use(function(err, req, res, next) {
   // render the error page
   res.status(err.status || 500);
   res.send(`
-               <!doctype html>
-               <h1>= message</h1>
-               <h2>= error.status</h2>
-               <pre>#{error.stack}</pre>
-       `);
+    <!doctype html>
+    <h1>= message</h1>
+    <h2>= error.status</h2>
+    <pre>#{error.stack}</pre>
+  `);
 });
 
 module.exports = app;