diff --git a/README.md b/README.md index e9ff38f..7084c99 100644 --- a/README.md +++ b/README.md @@ -133,6 +133,10 @@ graphql(schema, ` if you are running your own MusicBrainz mirror. Defaults to `http://musicbrainz.org/ws/2/`. * **`GRAPHBRAINZ_PATH`**: The URL route at which to expose the GraphQL endpoint, if running the standalone server. Defaults to `/`. +* **`GRAPHBRAINZ_CORS_ORIGIN`**: The value of the `origin` option to pass to the + [CORS][cors] middleware. Valid values are `true` to reflect the request + origin, a specific origin string to allow, `*` to allow all origins, and + `false` to disable CORS (the default). * **`GRAPHBRAINZ_CACHE_SIZE`**: The maximum number of REST API responses to cache. Increasing the cache size and TTL will greatly lower query execution time for complex queries involving frequently accessed entities. Defaults to @@ -417,3 +421,4 @@ info. [mirror]: https://musicbrainz.org/doc/MusicBrainz_Server/Setup [aliases]: http://graphql.org/learn/queries/#aliases [schema tests]: test/schema.js +[cors]: https://github.com/expressjs/cors diff --git a/package.json b/package.json index 2097bff..64d61bb 100644 --- a/package.json +++ b/package.json @@ -70,6 +70,7 @@ "dependencies": { "babel-runtime": "^6.25.0", "compression": "^1.7.0", + "cors": "^2.8.4", "dashify": "^0.2.2", "dataloader": "^1.3.0", "debug": "^3.0.0", diff --git a/src/index.js b/src/index.js index 76e2f1d..cac7831 100644 --- a/src/index.js +++ b/src/index.js @@ -1,6 +1,7 @@ import express from 'express' import graphqlHTTP from 'express-graphql' import compression from 'compression' +import cors from 'cors' import MusicBrainz from './api' import schema, { createSchema } from './schema' import { createContext } from './context' @@ -56,8 +57,22 @@ export function start () { const app = express() const port = process.env.PORT || 3000 const route = process.env.GRAPHBRAINZ_PATH || '/' + const corsOptions = { + origin: process.env.GRAPHBRAINZ_CORS_ORIGIN || false, + methods: 'HEAD,GET,POST' + } + switch (corsOptions.origin) { + case 'true': + corsOptions.origin = true + break + case 'false': + corsOptions.origin = false + break + default: + break + } app.use(compression()) - app.use(route, middleware()) + app.use(route, cors(corsOptions), middleware()) app.listen(port) console.log(`Listening on port ${port}.`) } diff --git a/yarn.lock b/yarn.lock index ef8a867..f91e9ab 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1593,6 +1593,13 @@ core-util-is@~1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7" +cors@^2.8.4: + version "2.8.4" + resolved "https://registry.yarnpkg.com/cors/-/cors-2.8.4.tgz#2bd381f2eb201020105cd50ea59da63090694686" + dependencies: + object-assign "^4" + vary "^1" + coveralls@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/coveralls/-/coveralls-3.0.0.tgz#22ef730330538080d29b8c151dc9146afde88a99" @@ -3816,7 +3823,7 @@ oauth-sign@~0.8.2: version "0.8.2" resolved "https://registry.yarnpkg.com/oauth-sign/-/oauth-sign-0.8.2.tgz#46a6ab7f0aead8deae9ec0565780b7d4efeb9d43" -object-assign@^4.0.1, object-assign@^4.1.0: +object-assign@^4, object-assign@^4.0.1, object-assign@^4.1.0: version "4.1.1" resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863" @@ -5248,7 +5255,7 @@ validate-npm-package-license@^3.0.1: spdx-correct "~1.0.0" spdx-expression-parse "~1.0.0" -vary@~1.1.2: +vary@^1, vary@~1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc"