fix #66 #73; publish as 2.8.0

README.md

@@ -69,7 +69,8 @@ var express = require('express')
   , app = express();
 
 var corsOptions = {
-  origin: 'http://example.com'
+  origin: 'http://example.com',
+  optionsSucccessCode: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
 };
 
 app.get('/products/:id', cors(corsOptions), function(req, res, next){

lib/index.js

@@ -7,7 +7,8 @@
   var defaults = {
       origin: '*',
       methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
-      preflightContinue: false
+      preflightContinue: false,
+      optionsSuccessStatus: 204
     };
 
   function isString(s) {
@@ -166,7 +167,7 @@
       if (options.preflightContinue ) {
         next();
       } else {
-        res.statusCode = 204;
+        res.statusCode = options.optionsSuccessStatus || defaults.optionsSuccessStatus;
         res.end();
       }
     } else {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cors",
-  "version": "2.7.2",
+  "version": "2.8.0",
   "author": "Troy Goode <troygoode@gmail.com> (https://github.com/troygoode/)",
   "description": "middleware for dynamically or statically enabling CORS in express/connect applications",
   "keywords": ["cors", "express", "connect", "middleware"],

test/cors.js

@@ -75,6 +75,26 @@
       cors()(req, res, next);
     });
 
+    it('can configure preflight success response status code', function (done) {
+      // arrange
+      var req, res, next;
+      req = fakeRequest();
+      req.method = 'OPTIONS';
+      res = fakeResponse();
+      res.end = function () {
+        // assert
+        res.statusCode.should.equal(200);
+        done();
+      };
+      next = function () {
+        // assert
+        done('should not be called');
+      };
+
+      // act
+      cors({optionsSuccessStatus: 200})(req, res, next);
+    });
+
     it('doesn\'t shortcircuit preflight requests with preflightContinue option', function (done) {
       // arrange
       var req, res, next;