diff --git a/README.md b/README.md
index b4313d0..b6816b6 100644
--- a/README.md
+++ b/README.md
@@ -65,7 +65,7 @@ Oh, do you want some specific stuff? Checkout the available o
--port, --p change port
--host, --h change the host name
--secure, --s use https/wss
---cors, --c respond to requests with CORS headers
+--cors, --c respond to requests with CORS headers, use true or object to override defaults
--quiet, --q no logging whatsoever
--noBrowser, --nb won't open the browser automagically
--only, --o will only watch for changes in the given path/glob/regex/array
@@ -88,6 +88,11 @@ All the options being used on the `CLI` can be added to t
{
"port": 9999,
"quiet": true,
+ "cors": {
+ "headers": "Content-Type, Custom-Header",
+ "methods": "GET, OPTIONS",
+ "credentials": false
+ },
"pathIndex": "src/",
"only": ["src/**/*"],
"proxy": true,
diff --git a/lib/server.js b/lib/server.js
index d5210dc..3015bb0 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -222,20 +222,26 @@ module.exports = class Server extends EventEmitter {
}
_initCors() {
- if (this.opts.cors) {
- this._app.use(this._cors);
+ if (!!this.opts.cors) {
+ this._app.use(this._cors());
}
}
- _cors(req, res, next) {
- res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
- res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
- res.setHeader('Access-Control-Allow-Headers', 'Authorization,X-Requested-With,Content-Type');
- res.setHeader('Access-Control-Allow-Credentials', true);
- if (req.method === 'OPTIONS') {
- return res.status(200).end();
+ _cors() {
+ const corsOptions = Object.assign({
+ methods: 'GET, POST, OPTIONS, PUT, PATCH, DELETE',
+ headers: 'Authorization,X-Requested-With,Content-Type',
+ credentials: true,
+ }, this.opts.cors || {});
+
+ return function(req, res, next) {
+ res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
+ res.setHeader('Access-Control-Allow-Methods', corsOptions.methods);
+ res.setHeader('Access-Control-Allow-Headers', corsOptions.headers);
+ res.setHeader('Access-Control-Allow-Credentials', corsOptions.credentials);
+
+ return req.method === 'OPTIONS' ? res.status(200).end() : next();
}
- return next();
}
_initProxy() {
diff --git a/test/server_test.js b/test/server_test.js
index cbcdc3f..549620d 100644
--- a/test/server_test.js
+++ b/test/server_test.js
@@ -561,9 +561,11 @@ describe('server', () => {
});
describe('options', function() {
- it('should open the browser and use CORS', (done) => {
+ it('should open the browser and use CORS with custom access-control-allow-headers', (done) => {
let _server = new Server({
- cors: true,
+ cors: {
+ headers: 'test-header',
+ },
quiet: true,
pathIndex: 'test/'
});
@@ -574,6 +576,8 @@ describe('server', () => {
http.get(`http://${_server.opts.host}:${_server.opts.port}/`, function(res) {
expect(res.headers['access-control-allow-origin']).to.not.be.undefined;
+ expect(res.headers['access-control-allow-headers']).to.equal('test-header');
+ expect(res.headers['access-control-allow-credentials']).to.equal('true');
return done();
})