Server: add cors policy for torrent file and thumbnails

diff --git a/package.json b/package.json
index 909c181768eb73893ba58794c7e617fbba128092..a7f76da5276eea92c30f54727656101df41e42a2 100644 (file)
--- a/package.json
+++ b/package.json
@@ -40,6 +40,7 @@
     "body-parser": "^1.12.4",
     "concurrently": "^2.0.0",
     "config": "^1.14.0",
+    "cors": "^2.8.1",
     "create-torrent": "^3.24.5",
     "debug": "^2.2.0",
     "dezalgo": "^1.0.3",

diff --git a/server.js b/server.js
index 5feb214764f183f10cd7f8b58e5407ff3ce0a98c..e90ed5c253a156cc4ed1f76e41300596cd66d16e 100644 (file)
--- a/server.js
+++ b/server.js
@@ -2,6 +2,7 @@
 
 // ----------- Node modules -----------
 const bodyParser = require('body-parser')
+const cors = require('cors')
 const express = require('express')
 const expressValidator = require('express-validator')
 const http = require('http')
@@ -74,11 +75,11 @@ app.use('/client/*', function (req, res, next) {
 })
 
 const torrentsPhysicalPath = path.join(__dirname, config.get('storage.torrents'))
-app.use(constants.STATIC_PATHS.TORRENTS, express.static(torrentsPhysicalPath, { maxAge: 0 }))
+app.use(constants.STATIC_PATHS.TORRENTS, cors(), express.static(torrentsPhysicalPath, { maxAge: 0 }))
 
 // Uploads path for webseeding
 const uploadsPhysicalPath = path.join(__dirname, config.get('storage.uploads'))
-app.use(constants.STATIC_PATHS.WEBSEED, express.static(uploadsPhysicalPath, { maxAge: 0 }))
+app.use(constants.STATIC_PATHS.WEBSEED, cors(), express.static(uploadsPhysicalPath, { maxAge: 0 }))
 
 // Thumbnails path for express
 const thumbnailsPhysicalPath = path.join(__dirname, config.get('storage.thumbnails'))