CORS Support #1
Description
Hello,
I'm not able to use this package due to CORS restrictions. Our application sends application/json request, which sends an OPTIONS pre-flight request to the server and returns an HTTP 404 error.
I have made modifications to the js file according to CORS specifications (https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS), but I'm a newbie in JS. Is there a possibility to include the next changes in the package?.
Modifications made to response CORS Headers handling:
var reply = function (request, response, status, headers, content, filePath) {
...
if(ALLOW_CORS) {
//headers["Access-Control-Allow-Origin"] = "";
headers['Access-Control-Allow-Origin'] = request.headers['origin'];
headers['Vary'] = 'Origin';
//headers["Access-Control-Allow-Headers"] = "Origin, X-Requested-With, Content-Type, Accept";
// headers['Access-Control-Allow-Headers'] = ''; I'm not sure if this value is supported
headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'; // Added Authorization Header to support secured request
// headers['Access-Control-Request-Method'] = ''; This is a request header not response header
//headers['Access-Control-Allow-Methods'] = '';
if (request.headers['access-control-request-method']) {
headers['Access-Control-Allow-Methods'] = request.headers['access-control-request-method'];
} else {
headers['Access-Control-Allow-Methods'] = '*';
}
if (request.withCredentials) {
headers['Access-Control-Allow-Credentials'] = 'true';
}
}
...
};
Modifications made to support OPTIONS pre-flight requests:
server = http.createServer(function (request, response) {
...
else if (request.method == 'OPTIONS') {
reply(request, response, 200, {}, null);
}
...
}