Don't use self-rolled CORS

lib/server.js

@@ -2,6 +2,7 @@ var util = require('./util');
 var bodyParser = require('body-parser');
 var WebSocketServer = require('ws').Server;
 var url = require('url');
+var cors = require('cors');
 
 var app = exports = module.exports = {};
 
@@ -140,7 +141,7 @@ app._checkKey = function(key, ip, cb) {
 app._initializeHTTP = function() {
   var self = this;
 
-  this.use(util.allowCrossDomain);
+  this.use(cors());
 
   this.get('/', function(req, res, next) {
     res.send(require('../app.json'));
@@ -182,11 +183,11 @@ app._initializeHTTP = function() {
         if (isAllowed) {
           res.send(Object.keys(self._clients[key]));
         } else {
-          res.send(401);
+          res.sendStatus(401);
         }
       });
     } else {
-      res.send(404);
+      res.sendStatus(404);
     }
   });
 
@@ -197,7 +198,7 @@ app._initializeHTTP = function() {
     var client;
     if (!self._clients[key] || !(client = self._clients[key][id])) {
       if (req.params.retry) {
-        res.send(401);
+        res.sendStatus(401);
       } else {
         // Retry this request
         req.params.retry = true;
@@ -208,7 +209,7 @@ app._initializeHTTP = function() {
 
     // Auth the req
     if (req.params.token !== client.token) {
-      res.send(401);
+      res.sendStatus(401);
       return;
     } else {
       self._handleTransmission(key, {
@@ -217,7 +218,7 @@ app._initializeHTTP = function() {
         dst: req.body.dst,
         payload: req.body.payload
       });
-      res.send(200);
+      res.sendStatus(200);
     }
   };
 

lib/util.js

@@ -25,13 +25,6 @@ var util = {
   },
   prettyError: function (msg) {
     console.log('ERROR PeerServer: ', msg);
-  },
-  allowCrossDomain: function(req, res, next) {
-    res.setHeader('Access-Control-Allow-Origin', '*');
-    res.setHeader('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
-    res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
-
-    next();
   }
 };