cors.js
3.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
/**
* Cross-Origin Resource Sharing (CORS) Settings
* (sails.config.cors)
*
* CORS is like a more modern version of JSONP-- it allows your server/API
* to successfully respond to requests from client-side JavaScript code
* running on some other domain (e.g. google.com)
* Unlike JSONP, it works with POST, PUT, and DELETE requests
*
* For more information on CORS, check out:
* http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
*
* Note that any of these settings (besides 'allRoutes') can be changed on a per-route basis
* by adding a "cors" object to the route configuration:
*
* '/get foo': {
* controller: 'foo',
* action: 'bar',
* cors: {
* origin: 'http://foobar.com,https://owlhoot.com'
* }
* }
*
* For more information on this configuration file, see:
* http://sailsjs.org/#!/documentation/reference/sails.config/sails.config.cors.html
*
*/
module.exports.cors = {
/***************************************************************************
* *
* Allow CORS on all routes by default? If not, you must enable CORS on a *
* per-route basis by either adding a "cors" configuration object to the *
* route config, or setting "cors:true" in the route config to use the *
* default settings below. *
* *
***************************************************************************/
// allRoutes: false,
/***************************************************************************
* *
* Which domains which are allowed CORS access? This can be a *
* comma-delimited list of hosts (beginning with http:// or https://) or *
* "*" to allow all domains CORS access. *
* *
***************************************************************************/
// origin: '*',
/***************************************************************************
* *
* Allow cookies to be shared for CORS requests? *
* *
***************************************************************************/
// credentials: true,
/***************************************************************************
* *
* Which methods should be allowed for CORS requests? This is only used in *
* response to preflight requests (see article linked above for more info) *
* *
***************************************************************************/
// methods: 'GET, POST, PUT, DELETE, OPTIONS, HEAD',
/***************************************************************************
* *
* Which headers should be allowed for CORS requests? This is only used in *
* response to preflight requests. *
* *
***************************************************************************/
// headers: 'content-type'
};