src/utils/setCors.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

const setCorsHeaders = (response, config) => {
  const corsConfig = config instanceof Object ? config : false;

  response.headers.set(
    "Access-Control-Allow-Credentials",
    corsConfig ? corsConfig.allowCredentials : "true"
  );
  response.headers.set(
    "Access-Control-Allow-Headers",
    corsConfig ? corsConfig.allowHeaders : "application/json, Content-type"
  );
  response.headers.set(
    "Access-Control-Allow-Methods",
    corsConfig ? corsConfig.allowMethods : "GET, POST"
  );
  response.headers.set(
    "Access-Control-Allow-Origin",
    corsConfig ? corsConfig.allowOrigin : "*"
  );
  response.headers.set("X-Content-Type-Options", "nosniff");
};

module.exports = setCorsHeaders;