diff --git a/back-end/src/app.js b/back-end/src/app.js index eec2591..e4152ad 100644 --- a/back-end/src/app.js +++ b/back-end/src/app.js @@ -12,15 +12,27 @@ const tablesRouter = require("./tables/tables.router") const app = express(); -var corsOptions = function(req, res, next){ - res.header('Access-Control-Allow-Origin', '*'); - res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS'); - res.header('Access-Control-Allow-Headers', - 'Content-Type, Authorization, Content-Length, X-Requested-With'); - next(); -} - -app.use(corsOptions); +// var corsOptions = function(req, res, next){ +// res.header('Access-Control-Allow-Origin', req.headers.origin); +// res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS'); +// res.header('Access-Control-Allow-Headers', +// 'Content-Type, Authorization, Content-Length, X-Requested-With'); +// next(); +// } + +let corsOptions = { + origin : ['*', 'http://localhost:3000'], + } + +app.use(cors(corsOptions)) + +// let allowedOrigins = ["http://ServerA:3000", "http://ServerB:3000"] +// let origin = req.headers.origin; +// if (allowedOrigins.includes(origin)) { +// res.header("Access-Control-Allow-Origin", origin); // restrict it to the required domain +// } + +// app.use(corsOptions); app.use(express.json());