diff options
-rw-r--r-- | docker-compose.yml | 4 | ||||
-rw-r--r-- | server/cors.js | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/docker-compose.yml b/docker-compose.yml index b2cc4781..8f1e057f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -239,6 +239,10 @@ services: # ==== CORS ===== # CORS: Set Access-Control-Allow-Origin header. #- CORS=* + # CORS_ALLOW_HEADERS: Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. + #- CORS_ALLOW_HEADERS=Authorization,Content-Type + # CORS_EXPOSE_HEADERS: Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations + #- CORS_EXPOSE_HEADERS=* #----------------------------------------------------------------- # ==== MATOMO INTEGRATION ==== # Optional: Integration with Matomo https://matomo.org that is installed to your server diff --git a/server/cors.js b/server/cors.js index 80369a83..0db38d9b 100644 --- a/server/cors.js +++ b/server/cors.js @@ -7,5 +7,17 @@ Meteor.startup(() => { return next(); }); } + if ( process.env.CORS_ALLOW_HEADERS ) { + WebApp.rawConnectHandlers.use(function(req, res, next) { + res.setHeader('Access-Control-Allow-Headers', process.env.CORS_ALLOW_HEADERS); + return next(); + }); + } + if ( process.env.CORS_EXPOSE_HEADERS ) { + WebApp.rawConnectHandlers.use(function(req, res, next) { + res.setHeader('Access-Control-Expose-Headers', process.env.CORS_EXPOSE_HEADERS); + return next(); + }); + } }); |