Update: Npm Cors Doc

config/cors.config.js

@@ -1,28 +1,19 @@
 const cors = require('cors');
 module.exports.cors = cors;
 
-const allowList = [
+const whitelist = [
     'http://127.0.0.1:4200',
     'http://127.0.0.1:4201',
     'https://admin-polynotfound.herokuapp.com',
     'https://polynotfound.herokuapp.com'
 ];
 
-const corsOptionsDelegate = function(req, callback) {
-    console.log(req.header('Origin'), allowList.indexOf(req.header('Origin')));
-    let corsOptions;
-    if (allowList.indexOf(req.header('Origin')) !== -1) {
-        corsOptions = {
-            origin: true,
-            credentials: true
-        }
+module.exports.corsOptions = {
+    origin: function(origin, callback) {
+        if (whitelist.indexOf(origin) !== -1) {
+            callback(null, true);
         } else {
-        corsOptions = {
-            origin: false,
-            credentials: true
+            callback(new Error('Not allowed by CORS'));
         }
     }
-    console.log(corsOptions);
-    callback(null, corsOptions)
 }
-module.exports.options = corsOptionsDelegate;

routes/user.routes.js

@@ -1,43 +1,43 @@
 const users = require("../controllers/user.controller");
-const {cors, options} = require("../config/cors.config");
+const {cors, corsOptions} = require("../config/cors.config");
 module.exports = app => {
   let router = require("express").Router();
 
   // Authenticate a User
-  router.post("/user/auth", cors(options), users.auth);
+  router.post("/user/auth", cors(corsOptions), users.auth);
 
   // Logout a User
-  router.delete("/user/logout", cors(options), users.logout);
+  router.delete("/user/logout", cors(corsOptions), users.logout);
 
   // Request password reset with email
-  router.post("/user/resetPass", cors(options), users.resetPass);
+  router.post("/user/resetPass", cors(corsOptions), users.resetPass);
 
   // Create and Save a new User
-  router.post("/user/create", cors(options), users.create);
+  router.post("/user/create", cors(corsOptions), users.create);
 
   // Retrieve all Users if admin
-  router.get("/user/findAll", cors(options), users.findAll);
+  router.get("/user/findAll", cors(corsOptions), users.findAll);
 
   // Find single User from id if admin or session id
-  router.get("/user/findOne/:id", cors(options), users.findOne);
+  router.get("/user/findOne/:id", cors(corsOptions), users.findOne);
 
   // Update a User from id if admin or session id
-  router.put("/user/update/:id", cors(options), users.update);
+  router.put("/user/update/:id", cors(corsOptions), users.update);
 
   // Delete a User from id if admin or session id
-  router.delete("/user/delete/:id", cors(options), users.delete);
+  router.delete("/user/delete/:id", cors(corsOptions), users.delete);
 
   // Delete all Users if superAdmin
-  router.delete("/user/deleteAll", cors(options), users.deleteAll);
+  router.delete("/user/deleteAll", cors(corsOptions), users.deleteAll);
 
   // Get all Roles depending on the User session id
-  router.get("/user/roles", cors(options), users.roles);
+  router.get("/user/roles", cors(corsOptions), users.roles);
 
   // Get 1 or multiple ad adapted to the User session id
-  router.get("/user/ad", cors(options), users.ad);
+  router.get("/user/ad", cors(corsOptions), users.ad);
 
   // Get History
-  router.get("/user/history", cors(options), users.history);
+  router.get("/user/history", cors(corsOptions), users.history);
 
   app.use('/api', router);
 };