app.use(function (req, res, next) {
var origins = [
'http://example.com',
'http://www.example.com'
];
for(var i = 0; i < origins.length; i++){
var origin = origins[i];
if(req.headers.origin.indexOf(origin) > -1){
res.header('Access-Control-Allow-Origin', req.headers.origin);
}
}
res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});