const departures = require('./lib/departures')
const journeys = require('./lib/journeys')
const stations = require('./lib/stations')
const allStations = require('./lib/all-stations')
// Express application; exported so another module can mount or start it.
const api = express()
module.exports = api

// Strict-Transport-Security on every response.
// NOTE(review): the expression reads as one day in milliseconds; some releases
// of the hsts middleware take maxAge in seconds, so confirm the unit against
// the installed version.
api.use(hsts({
  maxAge: 24 * 60 * 60 * 1000
}))

// Access log. The `id` field is the client-supplied X-Identifier header when
// one is sent, otherwise shorthash(req.ip) (presumably a short hash of the
// client address; verify). The header is unauthenticated and reaches the log
// line as sent, so log consumers should treat that field as untrusted text.
morgan.token('id', (req) => {
  const claimed = req.headers['x-identifier']
  return claimed || shorthash(req.ip)
})
api.use(morgan(':date[iso] :id :method :url :status :response-time ms'))

// CORS: extend corser's simple request headers with the two custom ones.
// NOTE(review): no `origins` option is passed; with corser that is expected to
// leave the origin check unbound (every origin accepted), and credentials
// support is not enabled here. Confirm that this matches a public, read-only API.
const allowed = [...corser.simpleRequestHeaders, 'User-Agent', 'X-Identifier']
api.use(corser.create({requestHeaders: allowed})) // CORS
api.use(compression())

// Advertise the package name and homepage on every response, unless the
// headers have already gone out. This discloses which software is serving.
api.use((req, res, next) => {
  if (!res.headersSent) {
    res.setHeader('X-Powered-By', `${pkg.name} ${pkg.homepage}`)
  }
  next()
})

// Both routes are registered with the nocache middleware ahead of the handler.
const noCache = nocache()
api.get('/stations/:id/departures', noCache, departures)
api.get('/journeys', noCache, journeys)
module.exports = function(options) {
var port = options.pouchPort;
var directory = path.resolve(options.directory);
var app = express();
var logger = new Logger(Logger.getLevel(options.logLevel));
app.use(util.request(logger));
app.use(compression());
app.use(favicon(path.resolve(__dirname, '..', 'dist', 'favicon.ico')));
app.use(corser.create({
methods: ['GET', 'HEAD', 'POST', 'PUT', 'DELETE'],
supportsCredentials: true,
requestHeaders: corser.simpleRequestHeaders.concat(["Authorization", "Origin", "Referer"])
}));
// set up express-pouchdb with the prefix (directory)
var ScopedPouchDB = PouchDB.defaults({
prefix: directory + '/'
});
var configFile = path.resolve(directory, 'config.json');
var logFile = path.resolve(directory, 'log.txt');
// hacky, but there doesn't seem to be any other way to prefix the log file
fs.writeFileSync(configFile, JSON.stringify({
log: {
file: logFile
}
}), 'utf-8');
var pouchDBApp = expressPouchDB({
configPath: configFile
methods: config.get('cors', 'methods').split(', '),
supportsCredentials: config.get('cors', 'credentials'),
requestHeaders: config.get('cors', 'headers').split(', '),
origins: origins
});
} else {
corsMiddleware = null;
}
}
[
['httpd', 'enable_cors', true],
['cors', 'credentials', true],
['cors', 'methods', 'GET, HEAD, POST, PUT, DELETE, COPY'],
['cors', 'origins', '*'],
['cors', 'headers', corser.simpleRequestHeaders.concat([
'Authorization', 'Origin', 'Referer'
]).join(', ')],
].forEach(function (info) {
config.registerDefault.apply(config, info);
config.on(info[0] + '.' + info[1], corsChanged);
});
corsChanged();
return function (req, res, next) {
if (!corsMiddleware) {
return next();
}
corsMiddleware(req, res, next);
};
};
exports.setup = function(options, req, res, next) {
var remoteHost = req.headers.origin
, corsOpts = {supportsCredentials: true, methods: ALLOWED_METHODS, maxAge: 300};
if(remoteHost) {
corsOpts.origins = options.origins;
} else {
corsOpts.supportsCredentials = false;
}
corsOpts.responseHeaders = corser.simpleResponseHeaders.concat(["X-Session-Token", "X-Session-Invalidated"]).concat(options.allowedResponseHeaders || []);
corsOpts.requestHeaders = corser.simpleRequestHeaders.concat(["X-Requested-With", "Authorization"]).concat(options.allowedRequestHeaders || []);
if (options.allowCorsRootRequests) {
corsOpts.requestHeaders.push("dpd-ssh-key");
}
var handler = corser.create(corsOpts);
handler(req, res, function () {
req.cookies = res.cookies = new Cookies(req, res);
if(~req.url.indexOf('?')) {
try {
req.query = parseQuery(req.url);
var m = req.query._method;
if ( m ) {
req.originalMethod = req.method;
req.method = m.toUpperCase();