maztch/cors.js

## cors.js
// all our previous code should be here

// this array is used for identification of allowed origins in CORS
const originWhitelist = ['http://localhost:3000', 'https://example.net'];

// middleware route that all requests pass through
router.use((request, response, next) => {
  console.log('Server info: Request received');

  let origin = request.headers.origin;

  // only allow requests from origins that we trust
  if (originWhitelist.indexOf(origin) > -1) {
    response.setHeader('Access-Control-Allow-Origin', origin);
  }

  // only allow get requests, separate methods by comma e.g. 'GET, POST'
  response.setHeader('Access-Control-Allow-Methods', 'GET');
  response.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
  response.setHeader('Access-Control-Allow-Credentials', true);

  // push through to the proper route
  next();
});
	// all our previous code should be here

	// this array is used for identification of allowed origins in CORS
	const originWhitelist = ['http://localhost:3000', 'https://example.net'];

	// middleware route that all requests pass through
	router.use((request, response, next) => {
	console.log('Server info: Request received');

	let origin = request.headers.origin;

	// only allow requests from origins that we trust
	if (originWhitelist.indexOf(origin) > -1) {
	response.setHeader('Access-Control-Allow-Origin', origin);
	}

	// only allow get requests, separate methods by comma e.g. 'GET, POST'
	response.setHeader('Access-Control-Allow-Methods', 'GET');
	response.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
	response.setHeader('Access-Control-Allow-Credentials', true);

	// push through to the proper route
	next();
	});