Finished work on CORS

Finished work on CORS

package.json

   },
   "dependencies": {
     "body-parser": "1.15.2",
+    "cors": "2.8.1",
     "express": "4.14.0",
     "node-minify": "1.3.9",
     "nodemailer": "2.4.2",

server.js

 
 // Web server
 var bodyParser  = require('body-parser');
+var cors        = require('cors');
 var express     = require('express');
 var app = express();
 
 // Body parsing
 app.use(bodyParser.urlencoded({ extended: true }));
 app.use(bodyParser.json());
-
-
-// Allow cross-origin requests. Wildcard for now, we'll see if we can improve
-// that.
-app.all('/*', function(req, res, next) {
-    res.header('Access-Control-Allow-Origin', '*');
-    res.header('Access-Control-Allow-Headers', 'Content-Type')
-    next();
-});
+// Allow cross-origin requests.
+var corsOptions = {
+  origin: settings.formOrigin,
+  optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
+};
+app.use(cors(corsOptions));
+// Taking care of preflight requests
+app.options('*', cors(corsOptions));
 
 
 // A request on /register generates a token and store it, along the user's
 
 // A request on /send with user input = mail to be sent
 app.post('/send', function(req, res, next) {
+    // Response will be JSON
+    res.header('Access-Control-Allow-Headers', 'Content-Type');
+    
     if(!checkBody(req.body)) {
         return res.status(400).send();
     }

settings.example.json

         "port": 465,
         "secure": true,
         "auth": {
-            "user": "noreply@noreply.tld",
+            "user": "noreply@example.tld",
             "pass": "hackme"
         }
     },
     "recipients": [
         "you@example.tld",
         "someone.else@example.com"
-    ]
+    ],
+    "formOrigin": "https://example.tld"
 }