From 6c23d95feb86ba6b98618e95a6f1ec6117547485 Mon Sep 17 00:00:00 2001
From: Damian Krzeminski <pirxpilot@code42day.com>
Date: Wed, 12 Apr 2017 09:43:43 -0700
Subject: [PATCH] add `--cors` option to allow for optional CORS handling

we are using `cors` middleware with default options which works for most
applications, but does not allow for fine tuning (whitelisting origins
etc.)

this change keeps CORS handling as default to preserve compatibility but
also allows for specying `--no-cors` option which makes it possible to
handle CORS in an independent proxy (NGINX, another node app etc.)
---
 src/main.js   | 7 ++++++-
 src/server.js | 4 +++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main.js b/src/main.js
index 86cf684..4bc2f6d 100644
--- a/src/main.js
+++ b/src/main.js
@@ -32,6 +32,10 @@ var opts = require('nomnom')
     default: 8080,
     help: 'Port'
   })
+  .option('cors', {
+    default: true,
+    help: 'Enable Cross-origin resource sharing headers'
+  })
   .option('verbose', {
     abbr: 'V',
     flag: true,
@@ -54,7 +58,8 @@ var startServer = function(configPath, config) {
     configPath: configPath,
     config: config,
     bind: opts.bind,
-    port: opts.port
+    port: opts.port,
+    cors: opts.cors
   });
 };
 
diff --git a/src/server.js b/src/server.js
index ea52a32..7304119 100644
--- a/src/server.js
+++ b/src/server.js
@@ -90,7 +90,9 @@ module.exports = function(opts, callback) {
 
   var data = clone(config.data || {});
 
-  app.use(cors());
+  if (opts.cors) {
+    app.use(cors());
+  }
 
   Object.keys(config.styles || {}).forEach(function(id) {
     var item = config.styles[id];