From 26075c22d6826e583b691ffb051f6e6fe7f1cd13 Mon Sep 17 00:00:00 2001
From: Doug A <douganderson444@gmail.com>
Date: Thu, 15 Aug 2019 14:48:21 -0400
Subject: [PATCH] Allow CORS

I ran into issue #118 , here is a PR that I think will address the issue, for your consideration.
---
 index.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/index.js b/index.js
index 41f8f7f..fb8546f 100644
--- a/index.js
+++ b/index.js
@@ -146,6 +146,14 @@ module.exports = async function (config) {
 
   // Then apply csurf
   app.use(config.csrf ? csurf({cookie: true}) : fakeCSRF)
+  
+  // add CORS to address https://github.com/beakerbrowser/hashbase/issues/118 
+  // for non-beaker CORS access to /.well-known/psa, etc.
+  app.use(function(req, res, next) {
+    res.setHeader("Access-Control-Allow-Origin", "*") // for CORS access to /.well-known/psa
+    res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
+    next();
+  });
 
   // service apis
   // =