ritwickdey/cors.js

## cors.js
const express = require('express');
const app = express();

//CORS Setup
app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*'); // Allowed Origins.
  res.header('Access-Control-Allow-Headers', '*'); // Allowed Headers.
  res.header('Access-Control-Expose-Headers', 'token'); // Exposed Headers - means client only can access those headers.

  if (req.method === 'OPTIONS') {
    res.header('Access-Control-Allow-Methods', 'PUT, POST, PATCH, DELETE'); // Allowed Methods.
    res.header('Access-Control-Max-Age', 5 * 24 * 60 * 60); //5 days... But Chrome will take its MAX value.  :D
    return res.status(200).json({});
  }
  next();
});
	const express = require('express');
	const app = express();

	//CORS Setup
	app.use((req, res, next) => {
	res.header('Access-Control-Allow-Origin', '*'); // Allowed Origins.
	res.header('Access-Control-Allow-Headers', '*'); // Allowed Headers.
	res.header('Access-Control-Expose-Headers', 'token'); // Exposed Headers - means client only can access those headers.

	if (req.method === 'OPTIONS') {
	res.header('Access-Control-Allow-Methods', 'PUT, POST, PATCH, DELETE'); // Allowed Methods.
	res.header('Access-Control-Max-Age', 5 * 24 * 60 * 60); //5 days... But Chrome will take its MAX value. :D
	return res.status(200).json({});
	}
	next();
	});