setCORS static method

void setCORS(APIRequest request, APIResponse response)

Implementation

static void setCORS(APIRequest request, APIResponse response) {
  var origin = getOrigin(request);

  var localhost = false;

  if (origin.isEmpty) {
    response.headers[HttpHeaders.accessControlAllowOriginHeader] = "*";
  } else {
    response.headers[HttpHeaders.accessControlAllowOriginHeader] = origin;

    if (origin.contains("://localhost:") ||
        origin.contains("://127.0.0.1:") ||
        origin.contains("://::1")) {
      localhost = true;
    }
  }

  response.headers[HttpHeaders.accessControlAllowMethodsHeader] =
      "GET,HEAD,PUT,POST,PATCH,DELETE,OPTIONS";

  response.headers[HttpHeaders.accessControlAllowCredentialsHeader] = "true";

  if (localhost) {
    response.headers[HttpHeaders.accessControlAllowHeadersHeader] =
        "Content-Type, Access-Control-Allow-Headers, Authorization, x-ijt";
  } else {
    response.headers[HttpHeaders.accessControlAllowHeadersHeader] =
        "Content-Type, Access-Control-Allow-Headers, Authorization";
  }

  response.headers[HttpHeaders.accessControlExposeHeadersHeader] =
      exposeHeaders;
}