Snippet: CORS in Preflight (options) and Request (post/get/put/patch/delete)

[trasherdk]

Setting up cors is not just about adding the access-control-allow-origin header.
It also requires serving the preflight requests for non-simple requests.

function setCorsHeaders(response) {
    // You can change the below headers as they're just examples
    response.writeHeader("Access-Control-Allow-Origin", "*");
    response.writeHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
    response.writeHeader("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with");
    response.writeHeader("Access-Control-Max-Age", "3600");
}
app.options("/graphql", (response) => {
    setCorsHeaders(response);
    response.end();
});
app.post("/graphql", (response) => {
    setCorsHeaders(response);
    // handler requests...
});

Source: uNetworking#316 (comment)