adding cors support to sample app and docs

Apps/petstore/main.js

@@ -18,13 +18,31 @@
 // Include express and swagger in the application.
 var express = require("express")
  , url = require("url")
+ , cors = require("cors")
  , swagger = require("../../Common/node/swagger.js");
 
 var petResources = require("./petResources.js");
 
 var app = express();
+
+var corsOptions = {
+    credentials: true,
+    origin: function(origin,callback) {
+        if(origin===undefined) {
+            callback(null,false);
+        } else {
+            // change wordnik.com to your allowed domain.
+            var match = origin.match("^(.*)?.wordnik.com(\:[0-9]+)?");
+            var allowed = (match!==null && match.length > 0);
+            callback(null,allowed);
+        }
+    }
+};
+
 app.use(express.json());
 app.use(express.urlencoded());
+app.use(cors(corsOptions));
+
 
 // Set the main handler in swagger to the express app
 swagger.setAppHandler(app);

Common/node/swagger.js

@@ -72,8 +72,6 @@ function configure(bp, av) {
 // Convenience to set default headers in each response.
 
 function setHeaders(res) {
-  res.header('Access-Control-Allow-Origin', "*");
-  res.header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE");
   res.header("Access-Control-Allow-Headers", "Content-Type, api_key");
   res.header("Content-Type", "application/json; charset=utf-8");
 }

README.md

@@ -143,16 +143,39 @@ swagger.setAppHandler(subpath);
 
 Now swagger and all apis configured through it will live under the `/v1` path (i.e. `/v1/api-docs`).
 
-#### Allows-origin and special headers
+#### Allows special headers
 
 If you want to modify the default headers sent with every swagger-managed method, you can do so as follows:
 
 ```js
 swagger.setHeaders = function setHeaders(res) {
-  res.header('Access-Control-Allow-Origin', "*");
-  res.header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
   res.header("Access-Control-Allow-Headers", "Content-Type, X-API-KEY");
   res.header("Content-Type", "application/json; charset=utf-8");
 };
 ```
 If you have a special name for an api key (such as `X-API-KEY`, per above), this is where you can inject it.
+
+#### Enabling cors support using cors library
+
+To enable cors support using cors express npm module (https://npmjs.org/package/cors) add the following to your app.
+
+```js
+var cors = require('cors');
+
+var corsOptions = {
+    credentials: true,
+    origin: function(origin,callback) {
+        if(origin===undefined) {
+            callback(null,false);
+        } else {
+            // change wordnik.com to your allowed domain.
+            var match = origin.match("^(.*)?.wordnik.com(\:[0-9]+)?");
+            var allowed = (match!==null && match.length > 0);
+            callback(null,allowed);
+        }
+    }
+};
+
+app.use(cors(corsOptions));
+
+```

package.json

@@ -34,7 +34,8 @@
     "connect": ">= 1.8.x",
     "express": "3.x",
     "docco": "0.4.x",
-    "lodash": "1.3.1"
+    "lodash": "1.3.1",
+    "cors": "2.1.1"
   },
   "license": "apache 2.0"
 }