From 298948b203722e8cc3f00377c1fb02c2932258ae Mon Sep 17 00:00:00 2001
From: James <james@trbl.design>
Date: Tue, 28 Jul 2020 19:46:53 -0400
Subject: [PATCH] supports wildcard cors header

---
 src/express/middleware/index.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/express/middleware/index.js b/src/express/middleware/index.js
index 60272d8db..d5994cf4e 100644
--- a/src/express/middleware/index.js
+++ b/src/express/middleware/index.js
@@ -28,13 +28,14 @@ const middleware = (payload) => [
   },
   (req, res, next) => {
     if (payload.config.cors) {
-      if (payload.config.cors.indexOf(req.headers.origin) > -1) {
-        res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
-        res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');
-      }
+      res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');
+      res.header('Access-Control-Allow-Headers', 'Origin X-Requested-With, Content-Type, Accept, Authorization');
 
-      res.header('Access-Control-Allow-Headers',
-        'Origin X-Requested-With, Content-Type, Accept, Authorization');
+      if (payload.config.cors === '*') {
+        res.setHeader('Access-Control-Allow-Origin', '*');
+      } else if (Array.isArray(payload.config.cors) && payload.config.cors.indexOf(req.headers.origin) > -1) {
+        res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
+      }
     }
 
     next();