Enable CORS in Nodejs with expressjs4

Question

I'm trying to host standalone JS widget in node server with CORS enabled. I'm using Expressj 4 and want to server css,js and font file.

Issue i'm facing now is font files are not loaded

var express = require('express');
var path = require('path');

var methodOverride = require('method-override');
var bodyParser = require('body-parser');


var app = express();


var environmentRoot =  require('path').normalize(__dirname );

app.set('views', environmentRoot + '/public');
app.engine('html', require('ejs').renderFile);

app.use(methodOverride());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

app.use(express.static(environmentRoot + '/public'));


app.all('*', function(req, res, next) {
   res.header("Access-Control-Allow-Origin", "*");
   res.header("Access-Control-Allow-Headers", "X-Requested-With");
   next();
});


var portNum = process.env.PORT || 3002;

app.listen(portNum, function (a) {
   console.log("Server listening in http://localhost:"+portNum);
});

Package JSON

{
   "name": "PackageApp",
   "version": "0.1.0",
   "dependencies": {
      "express" : "~4.9.0",
      "body-parser": "~1.8.1",
      "method-override": "~2.2.0",
      "ejs" : "~1.0.0"
  },
  "devDependencies": {
    "grunt": "~0.4.5",
    "grunt-html2js": "~0.1.0"
  }
}

Answer 1

I would try flipping these statements from:

app.use(express.static(environmentRoot + '/public'));


app.all('*', function(req, res, next) {
   res.header("Access-Control-Allow-Origin", "*");
   res.header("Access-Control-Allow-Headers", "X-Requested-With");
   next();
});

to

app.all('*', function(req, res, next) {
   res.header("Access-Control-Allow-Origin", "*");
   res.header("Access-Control-Allow-Headers", "X-Requested-With");
   next();
});

app.use(express.static(environmentRoot + '/public'));

I would expect that the headers need to be set before the body is sent to the client