From 5788f191b118d3e44e56f3767cc43f1e39dd4dc1 Mon Sep 17 00:00:00 2001
From: Gustavo Maximiliano Cortez
Date: Fri, 6 Mar 2015 18:02:55 -0300
Subject: [PATCH 1/4] Fix access-control-header for web clients
---
 lib/expressapp.js | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/lib/expressapp.js b/lib/expressapp.js
index 726b1e6..83f6c34 100644
--- a/lib/expressapp.js
+++ b/lib/expressapp.js
@@ -27,18 +27,26 @@ ExpressApp.start = function(opts) {
 WalletService.initialize(opts.WalletService);
 var app = express();
 app.use(function(req, res, next) {
- res.setHeader('Access-Control-Allow-Origin', '*');
+ if (req.headers.cookie) {
+ res.setHeader('Access-Control-Allow-Origin', '*');
+ }
+ else {
+ res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
+ }
 res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
- res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,Content-Type,Authorization');
+ res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,X-Requested-With,Content-Type,Authorization');
 next();
 });
 var allowCORS = function(req, res, next) {
 if ('OPTIONS' == req.method) {
- res.sendStatus(200);
+ var headers = {};
+ headers['Access-Control-Allow-Credentials'] = true;
+ res.writeHead(200, headers);
 res.end();
- return;
 }
- next();
+ else {
+ next();
+ }
 }
 app.use(allowCORS);
From 6633dc0190909a16d9b0ee4173e7bbb350502064 Mon Sep 17 00:00:00 2001
From: Gustavo Maximiliano Cortez
Date: Fri, 6 Mar 2015 18:16:07 -0300
Subject: [PATCH 2/4] speedup response
---
 lib/expressapp.js | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/lib/expressapp.js b/lib/expressapp.js
index 83f6c34..da07b11 100644
--- a/lib/expressapp.js
+++ b/lib/expressapp.js
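Review bot: The `else` branch added to the first `app.use` middleware in [PATCH 1/4] copies `req.headers.origin` into `Access-Control-Allow-Origin` without comparing it with a list of permitted origins, so every calling site is granted cross-origin read access; the same reflection recurs in the `OPTIONS` branch of [PATCH 2/4] and in the first middleware of [PATCH 3/4]. A request with no `Origin` header makes that value `undefined`, which current Node versions reject in `setHeader` by throwing. The cookie test also looks inverted, because browsers refuse `*` on credentialed requests, so the branch that sees a cookie is the one that cannot use the wildcard. Echo the origin only when it is present and on a configured list (`allowedOrigins` in the fence is a placeholder for that list) and send `Vary: Origin` with it. `ExpressApp.start` begins and continues outside the hunk.

```javascript
app.use(function(req, res, next) {
  // allowedOrigins: placeholder for the configured list of trusted web-client origins
  var origin = req.headers.origin;
  if (origin && allowedOrigins.indexOf(origin) !== -1) {
    res.setHeader('Access-Control-Allow-Origin', origin);
    // The response varies with the request's Origin, so caches must key on it.
    res.setHeader('Vary', 'Origin');
  }
  // … unchanged: Access-Control-Allow-Methods, Access-Control-Allow-Headers, next() …
```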
@@ -27,20 +27,15 @@ ExpressApp.start = function(opts) {
 WalletService.initialize(opts.WalletService);
 var app = express();
 app.use(function(req, res, next) {
- if (req.headers.cookie) {
- res.setHeader('Access-Control-Allow-Origin', '*');
- }
- else {
- res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
- }
 res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
- res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,X-Requested-With,Content-Type,Authorization');
+ res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,Content-Type');
 next();
 });
 var allowCORS = function(req, res, next) {
 if ('OPTIONS' == req.method) {
 var headers = {};
 headers['Access-Control-Allow-Credentials'] = true;
+ headers['Access-Control-Allow-Origin'] = req.headers.origin;
 res.writeHead(200, headers);
 res.end();
 }
From 6abddcc3afd49506a32fe7e85aa7f57f92b58093 Mon Sep 17 00:00:00 2001
From: Gustavo Maximiliano Cortez
Date: Fri, 6 Mar 2015 20:11:28 -0300
Subject: [PATCH 3/4] Fix access-allow
---
 lib/expressapp.js | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/lib/expressapp.js b/lib/expressapp.js
index da07b11..db9862d 100644
--- a/lib/expressapp.js
+++ b/lib/expressapp.js
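Review bot: With `Access-Control-Allow-Origin` now written only inside the `'OPTIONS' == req.method` branch of `allowCORS`, the GET/POST/PUT/DELETE responses that follow a successful preflight carry no allow-origin header, and a browser will withhold them from the calling page. The header has to be on the actual response too, so it belongs in the first `app.use` middleware, which runs for every method, with the origin value checked against the permitted origins before it is echoed. `headers['Access-Control-Allow-Credentials'] = true` also relies on Node converting a boolean into a header string; `'true'` states the intended value. `ExpressApp.start` begins and continues outside the hunk.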
@@ -27,21 +27,19 @@ ExpressApp.start = function(opts) {
 WalletService.initialize(opts.WalletService);
 var app = express();
 app.use(function(req, res, next) {
+ res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
+ res.setHeader('Access-Control-Allow-Credentials', 'true');
 res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
- res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,Content-Type');
+ res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,X-Requested-With,Content-Type,Authorization');
 next();
 });
 var allowCORS = function(req, res, next) {
 if ('OPTIONS' == req.method) {
- var headers = {};
- headers['Access-Control-Allow-Credentials'] = true;
- headers['Access-Control-Allow-Origin'] = req.headers.origin;
- res.writeHead(200, headers);
+ res.sendStatus(200);
 res.end();
+ return;
 }
- else {
- next();
- }
+ next();
 }
 app.use(allowCORS);
From b052328ad86c4d5b063273f7bf2a3ff23ccffd58 Mon Sep 17 00:00:00 2001
From: Gustavo Maximiliano Cortez
Date: Sat, 7 Mar 2015 15:59:01 -0300
Subject: [PATCH 4/4] Cookies are not necessary, disabled credentials
---
 lib/expressapp.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/expressapp.js b/lib/expressapp.js
index db9862d..337a58f 100644
--- a/lib/expressapp.js
+++ b/lib/expressapp.js
@@ -27,8 +27,7 @@ ExpressApp.start = function(opts) {
 WalletService.initialize(opts.WalletService);
 var app = express();
 app.use(function(req, res, next) {
- res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
- res.setHeader('Access-Control-Allow-Credentials', 'true');
+ res.setHeader('Access-Control-Allow-Origin', '*');
 res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
 res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,X-Requested-With,Content-Type,Authorization');
 next();
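Review bot: In [PATCH 3/4] the first middleware sends the caller's own `Origin` back in `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: 'true'` on every response, which lets a page on any site make requests that carry the user's cookies or HTTP-auth credentials and read the replies. If no endpoint relies on such ambient credentials, the credentials header should not be sent at all; if one does, the origin has to be compared with a configured list before it is echoed. In `allowCORS`, `res.sendStatus(200)` already ends the response in Express 4, so the `res.end();` that follows it is redundant. `ExpressApp.start` begins and continues outside the hunk.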
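Review bot: The wildcard restored on the `Access-Control-Allow-Origin` line in [PATCH 4/4] needs a comment recording why it is acceptable, since the three earlier patches in this series show how easily it gets paired with credentials again. Above that line, add `// '*' is safe only while Access-Control-Allow-Credentials is not sent: browsers then refuse to expose responses to credentialed cross-origin requests.` The hunk does not show how requests are authenticated; presumably the `x-signature`/`x-identity` headers carry that, which is worth confirming before relying on the wildcard. The middleware callback closes after the last line of the hunk.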