Support OPTIONS

[wprl]

Set Accept headers appropriately in response.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[wprl]

HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:39 GMT
Server: Apache/2.0.61 (Unix)
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER
Access-Control-Max-Age: 1728000
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/plain

Example from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Don't set CORS headers; set headers as normal but send no body. Perhaps send some kind of body describing the options for the resource.

[pjmolina]

Two cents on this.

To support CORS, we are using the following middleware when needed: https://github.com/Icinetic/model-101/blob/master/app/services/authz.js#L37-L44

//CORS enabled for allowing 3rd party web-apps to consume Swagger metadata and backend. 
//Disable it commenting this block if you don not need it. ----------
app.all('*', function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");  //Change * to your host domain
    res.header("Access-Control-Allow-Headers", "X-Requested-With, Content-Type");
    res.header("Access-Control-Allow-Methods", "OPTIONS,GET,POST,PUT,DELETE");
    next();
});